From the Editor


We're edging into March, and already a lot has happened in the world of Apple since last month.

First, there was the introduction of new MacBook Pro machines. The Big Deal about this is the
addition of Thunderbolt ports (this is Apple's brand name for Intel's Light Peak technology). If you
haven't heard about Thunderbolt, it's high-speed I/O that delivers 10Gbps of data (like Firewire, just faster)
and delivers 10Gbps of video. You hear Apple bandy about the 10Gbps figure, but in reality, Thunderbolt
can deliver 20 simultaneous Gbps of performance, albeit it allocates 10Gbps to each channel. This
marketing-speak makes sense as you'll never actually see 20Gbps of performance from a single channel. On the video
side, Thunderbolt keeps the physical form-factor of DisplayPort, so your existing setup should 'just work.'

Next, we have the introduction of new iPads. Of course, we're seeing an evolution of the product, and
many of the rumors were right. Now sporting front and rear-facing cameras, the iPad 2 also supports
FaceTime (and notably, does not include the ability to multi-way chat using iChat. iChat and Facetime remain
separate products and protocols. Shame). Finally, the iPad 2 gets a faster, dual-core processor, the new Apple
A5 chip. Overall, I don't see an overwhelming reason to upgrade. With 15 million first-gen iPads already
purchased, developers aren't doing themselves any favors by writing software that absolutely requires an iPad
2. I suspect most won't do this (unless, of course, you're a developer at Apple, where there's an incentive
for this).

Last, but certainly not least, Apple surprised developers everywhere by releasing a preview of Mac OS
X 10.7, Lion. This developer seed represents the first public look at Apple's "Back to the Mac" philosophy.
There are a lot of technologies to get your application ready for, including being able to support full-screen
windows, auto-save, resume and more. Even in this early stage, Lion looks incredibly impressive. To
paraphrase Benjamin Franklin, "Behold Lion, a constant proof that Apple loves the Mac, and loves to see us
happy."

We also can't forget that we've been seeing more and more progress from Xcode 4 seeds, which take
into account a lot of the Lion-based technologies. We'd love to hear your take on Xcode 4 - what you love,
like, dislike and outright hate about this new version and direction of the product. Under the NDA rules,
nothing will be published until Xcode 4 actually ships. If you're interested in sharing, get us at
letters@mactech.com.

While we prep for all of this upcoming Lion and Xcode 4 goodness, this month's issue is just waiting
for your attention. There's great content no matter your skill-level or focus.

First, our cover story: An Introduction to Wireshark. So many people ask about using a protocol analyzer.
The ones that don't ask don't realize the usefulness. A protocol analyzer is useful to everyone - developers
that send and receive any data over a network (and who doesn't these days?) and to network professionals
trying to figure out what applications are actually sending. Returning author Mihalis Tsoukalos writes this
introduction and plans to follow on with several articles on deeper, Wireshark specifics.

This month's Mac in the Shell wraps up the basic coverage of Ruby for System Administrators. Getting
the foundations down cleanly enables us to move on to more advanced and Mac-specific topics.

Boisy Pitre's Developer to Developer brings up a technique to extend classes called "categories."
Honestly, I hadn't been exposed to this at all. However, it seems such a straight-forward way of extending a
class, I'll be trying to press it into service at some point.

In addition to everything else that's going on this month, we have our regulars back, including
MacEnterprise by Greg Neagle, Ryan Wilcox's Consultant Cowboy and more.

I will say I'm pretty excited to be featuring Martin Pilkington in this month's MacTech spotlight. In
addition to running M Cubed Software, Martin ran a great session at last year's NSConf. Perhaps we can
convince him to travel over for this year's MacTech Conference? (That's a hint, Martin!)

Enjoy this issue, and see you next month. 

Ed Marczak,

Executive Editor

Mac in the Shell

by Edward Marczak

Rounding Out Ruby

Finishing the basics

Introduction

The last few Mac in the Shell articles have given a high-level
overview of Ruby: Why it's a good choice for the creation
of Mac applications and scripts, its object-oriented properties
and even how to deal with error conditions. Those were a good
high-level view of the what-and-how to certain facets of Ruby.
I did gloss over a few foundational Ruby basics and some
conventions that you should be aware of. This month, I'll cover
these last items so we can move forward in future articles. As a
reminder, we're using MacRuby rather than the plain-vanilla
Ruby included with the OS.

Installing MacRuby

As a quick recap, we've been using MacRuby, which is a
variant of Ruby 1.9. The version of Ruby that ships with Mac
OS X 10.6 is 1.8.7. While there are some language changes
between the 1.8 and 1.9 releases, MacRuby is actually an
Apple-backed project that allows the Ruby language to run directly on
top of the Objective-C runtime. This was covered in the initial
article on Ruby in this series, so, for more details, please see
that article (MacTech 26,12, December 2010). For now, if you
haven't already, download and install MacRuby 0.8 from
http://www.macruby.org/downloads.html. MacRuby installs itself
separately from the system Ruby, and all binaries are prefixed
with 'mac'. This way, you can safely install MacRuby if you
depend on the system Ruby for anything (and you likely do,
unknowingly).

Variables

The first thing to know about Ruby is that variables are
given names according to their scope, or, how a variable is
used. Unlike some other languages where you may prefix a
variable based on its type (integer, string and so on), in Ruby,
we name variables based on their scope. A variable's scope
defines in which parts of the program it can be seen.

A local variable will start with a lower-case letter or
underscore. It is then followed by other lowercase letters,
numbers or underscores. Local variables are what you'll use most
often. Some examples of good local variable names would be:

browser
color
meeting_time

Constants are set in all caps, like so:

PI
BIN_PATH

Global variables are prefixed with a dollar sign, but
otherwise follow the naming rules of a local variable:

$bin_path
$verbose

Instance variables begin with a single at-sign ("@") and
class variables begin with a double at-sign ("@@"). Valid
instance variables would look like this:

@first_name
@rate

...and class variables look like this:

Each variable type determines its scope. A local variable is
only seen (or, is only valid) within the context it is defined (a
method, block or function). A global variable is valid and
available everywhere in the program, and can be defined at any
point. Constants are available in the scope they are defined in.
Most often, constants will be defined at the very beginning of
code, and become available everywhere (like a global).
Constants aren't variable, and can't be changed. Instance
variables are available to instances of a class and class variables
are shared between all instances of a class (or its subclasses).
Don't worry about the class variables, as I'll cover them in more
detail later.
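
The scope rules above can be watched in action with the following added example, which is not from the original article. Every name in it (RATE_LIMIT, $request_count, Account, SavingsAccount, scope_demo) is made up for illustration.

```ruby
# Added example; every name here is invented for illustration and does
# not come from the article.

RATE_LIMIT = 2        # constant: set once near the top, readable everywhere
$request_count = 0    # global: readable and writable from any scope

class Account
  @@opened = 0        # class variable: one value shared by every instance

  def initialize(owner)
    @owner = owner    # instance variable: each object keeps its own copy
    @@opened += 1
  end

  def describe
    label = "account" # local variable: exists only while describe runs
    $request_count += 1
    "#{label} for #{@owner}"
  end

  def self.opened
    @@opened
  end
end

# A subclass sees (and updates) the same @@opened as its parent.
class SavingsAccount < Account
end

def over_limit?
  # Neither name is local to this method: one is a global, one a constant.
  $request_count > RATE_LIMIT
end

def scope_demo
  opened_before = Account.opened
  calls_before  = $request_count

  bill = Account.new("Bill")
  jane = SavingsAccount.new("Jane")
  text = [bill.describe, jane.describe]

  # describe's local `label` is not visible from this method.
  leaked = !defined?(label).nil?

  {
    descriptions:    text,
    # Two objects, two separate @owner values.
    owners:          [bill, jane].map { |a| a.instance_variable_get(:@owner) },
    # Both constructors bumped the single shared counter.
    opened_delta:    Account.opened - opened_before,
    subclass_shares: SavingsAccount.opened == Account.opened,
    label_leaked:    leaked,
    global_delta:    $request_count - calls_before
  }
end

p scope_demo
```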

Blocks and Methods 

Blocks are an important fundamental concept in Ruby (and
many other languages, for that matter). A block is simply a
group of code. That's it. Blocks can be denoted by a
starting/end pair, or by curly braces. So, the following is a
block:

begin
  puts "Sunday" if day == 0
  puts "Wednesday" if day == 3
  puts "Friday" if day == 5
end

OK, it isn't a really useful block. But it points out that a
block is simply a group of code. Arbitrary blocks are often
associated with loops:

3.times do
  puts "Good morning!"
end

Here, notice that the block was defined with a do/end
pair. One-line blocks are more often written on a single line
with curly braces. The previous loop could be rewritten as
such:

3.times { puts "Good morning!" }

Blocks can also accept arguments, which come in handy
when iterating over a data structure. With numbers:

3.times do |x|
  puts "Iteration #{x}"
end

With an array:

cars = ['Volvo', 'Audi']

cars.each do |x|
  puts "Looking at #{x}"
end

A method is just a named block (many languages call this
a function). You name the block so you can reuse it. A method
is defined with the def keyword followed by its name. Method
names follow the same rules as local variables (lowercase letters
that use an underscore to separate words), with one exception:
method names can end with one of '?', '!' or '='. A method
ending in '?' returns a Boolean (true/false) value. A method that
ends in '!' means that the method changes values in-place,
without copying and returning a separate value. A method that
ends in '=' can be used on the left hand side of an assignment.

We won't go into these additional method types in this article,
but will in the future. Here's a very short Ruby program that
illustrates the use of a simple method:

Listing 1: say_hello.rb

#!/usr/local/bin/macruby

def say_hello
  puts "Hello!"
end

say_hello

We defined a method named "say_hello" that simply
puts the string "Hello!" to standard out. Any time that we
want to perform this action, we can call "say_hello". More
usefully, methods can accept parameters. We can update the
say_hello function to specify a name. Method arguments are
placed in parentheses. Here's an update to the program in Listing
1 that has the say_hello method accept arguments:

Listing 2: Updated say_hello.rb

#!/usr/local/bin/macruby

def say_hello(name)
  puts "Hello, #{name}!"
end

say_hello "Bill"
say_hello "Jane"

Method arguments can go beyond this simple use,
though. Methods can accept multiple arguments, have
default arguments and accept hashes and blocks as data
structures. These options will be covered in a future article.

Classes 

Ah, classes—the big kahuna of object-oriented
programming (OOP). Well, OK, there's more to it than that.
However, classes are essentially the one thing people would
name when asked about OOP. Rather than get too deep into
a technical explanation, let's start with examples. The main
idea behind a class is that it models some object—typically a
real-world object, but virtual objects often make sense, too
(files, virtual machines, and so on).

Let's imagine a graphing library. The most basic element
of this library will be the point class. A point has an x
coordinate, a y coordinate and a color. Listing 3 contains this
basic class:

Listing 3: point.rb

#!/usr/local/bin/macruby

class Point
  def initialize(x, y, color=0)
    @x = x
    @y = y
    @color = color
  end
end

start = Point.new(0, 0, 0)


Before getting much deeper, let's examine this class.
Class names start with a capital letter, and use MixedCase for
multiple words. Methods defined inside of a class are called
class methods. When you supply a method named 'initialize',
a class will call this method upon creation (also known as a
constructor). Creation here is also known as instantiation. A
class is like a factory. It isn't the end product itself, but
knows how to make the end product. You create new end
products—in our case, Points—by instantiating the Point
class. In Listing 3, we assign an instantiated Point to the
variable start.

Take note of what's happening inside of our initialize
method. First, the arguments: x, y, color=0. The way this
is written, when instantiating the class, you must provide
values for x and y. However, color is optional. If you don't
supply a value for color, it will be assigned 0. This would
look like this:

start = Point.new(0, 0)

Also, here's where the instance variables mentioned
earlier come in. Despite the names looking similar, @x and x
are two separate variables. The instance variables are held
throughout the lifetime of the class. So here, we're just
transferring the arguments as passed in, to instance variables.

While Listing 3 will run, it really doesn't do much of
anything. That's not exciting at all. One quick change that we
can make just shows the values in the class. Change the last
line of Listing 3 to insert some better values, and add one
line:

start = Point.new(10, 15)
p start

When run, you are shown the following output (don't
forget to mark this script as executable with chmod 770
point.rb):

$ ./point.rb
#<Point:0x20009ea60 @x=10, @y=15, @color=0>

The value you have for "Point:" will be different, but
everything else should be the same. This is great! We see the
new Point object getting initialized with our values. However,
how can we do more? Right now, we can't change or
otherwise retrieve the values for this class. Let's change this
next. Instance variables of a class that are exposed outside of
the class are called attributes. One way to handle this is via
methods: methods can be used to get and set values of
attributes. Let's look at that way of handling things:

Listing 4: Updated point.rb

#!/usr/local/bin/macruby

class Point
  def initialize(x, y, color=0)
    @x = x
    @y = y
    @color = color
  end

  # Reader methods: return the instance variable of the same name
  def x
    @x
  end

  def y
    @y
  end
end

start = Point.new(10, 15)
puts start.x
puts start.y

This update lets us retrieve the values of x and y, and prints
them to standard out. However, even with this update, we still
can't set any of the attributes after instantiation. I won't drag
it out any longer: Ruby has a shortcut for this, since this is
such a common thing to do in Ruby. Also, if your class and
methods have a lot of attributes to expose, using methods for
each of them gets lengthy and messy in short order. (This is
not to say that you'll never use a method as an accessor for
attributes, but for the simple cases, there's a cleaner way.)
Listing 5 shows this update.

Listing 5: point.rb using attr_accessor

#!/usr/local/bin/macruby

class Point
  # Generates reader and writer methods for each named attribute
  attr_accessor :x, :y, :color

  def initialize(x, y, color=0)
    @x = x
    @y = y
    @color = color
  end
end

start = Point.new(10, 15)
puts start.x
puts start.y
start.x = 5
puts start.x

The one simple line: attr_accessor :x, :y, :color
makes up for the two separate methods plus allows
the setting and retrieval of the @color variable. In addition
to attr_accessor, which allows both reading and writing
the attribute, you can limit access to reading-only or
writing-only by using attr_reader and attr_writer,
respectively.
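
The following added example (not part of the original article) combines attr_reader and attr_writer with a hand-written accessor, and also shows the '?', '!' and '=' method-name endings described under Blocks and Methods. The 0..255 color range and the method names origin?, translate and translate! are assumptions made for illustration.

```ruby
# Added example; the 0..255 color range and the methods origin?, translate
# and translate! are assumptions, not part of the article's Point class.
class Point
  attr_reader :x, :y, :color   # readable from outside the class
  attr_writer :x, :y           # plain writers, like def x=(v); @x = v; end

  def initialize(x, y, color = 0)
    @x = x
    @y = y
    self.color = color         # go through the checked setter below
  end

  # Hand-written '=' method: an accessor that does more than store a value.
  def color=(value)
    unless value.is_a?(Integer) && (0..255).include?(value)
      raise ArgumentError, "color must be an integer from 0 to 255"
    end
    @color = value
  end

  # '?' method: returns true or false.
  def origin?
    @x == 0 && @y == 0
  end

  # Plain method: returns a new Point and leaves this one untouched.
  def translate(dx, dy)
    Point.new(@x + dx, @y + dy, @color)
  end

  # '!' method: changes this Point in place.
  def translate!(dx, dy)
    @x += dx
    @y += dy
    self
  end
end

def accessor_demo
  start = Point.new(10, 15)
  moved = start.translate(-10, -15)   # a copy; start is still (10, 15)
  untouched = [start.x, start.y]
  start.translate!(5, 5)              # in place; start is now (15, 20)
  start.x = 1                         # writer generated by attr_writer
  rejected = begin
    start.color = 999                 # the checked setter refuses this
    false
  rescue ArgumentError
    true
  end
  { untouched: untouched, moved_origin: moved.origin?,
    after: [start.x, start.y], color: start.color, rejected: rejected }
end

p accessor_demo
```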

If we want more points, all we need to do is instantiate
more with the new method, just like before. Let's do that in
one last example. We'll also create a method called slope that
calculates the slope of a line given two points. Listing 6 has
the updated, final program.

Listing 6: Final version of point.rb

#!/usr/local/bin/macruby
require 'mathn'

class Point
  attr_reader :x, :y, :color

  def initialize(x, y, color=0)
    @x = x
    @y = y
    @color = color
  end
end

# Rise over run between two points
def slope(point1, point2)
  (point2.y - point1.y) / (point2.x - point1.x)
end

start_point = Point.new(10, 15)
end_point = Point.new(20, 21)
puts slope(start_point, end_point)

There are a few things to note about this final version.
First, we needed to require a math library ('mathn') to get
some more natural results from the slope calculation. I'll
cover additional libraries in the future, but likely not too
many, as we'll ultimately rely on Cocoa (and for this specific
example, Cocoa provides a perfectly useful point class itself
in NSPoint). Also, attr_accessor was changed to an
attr_reader without sacrificing any functionality, as we
weren't changing any attributes after the initial setting.
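
As an added example (not from the original article), here is the slope calculation written without mathn, which Ruby 2.5 and later no longer bundle. It shows what plain integer division returns for the Listing 6 points, keeps the exact fraction with Rational, and handles a vertical line; returning nil in that case is a choice made for this example.

```ruby
# Added example; returning nil for a vertical line is a design choice made
# here, not something the article specifies.
class Point
  attr_reader :x, :y

  def initialize(x, y)
    @x = x
    @y = y
  end
end

# Plain integer division truncates: (21 - 15) / (20 - 10) is 0.
def truncated_slope(point1, point2)
  (point2.y - point1.y) / (point2.x - point1.x)
end

# Rational() keeps the exact fraction, the "more natural" result that
# Listing 6 obtained by requiring mathn.
def slope(point1, point2)
  run = point2.x - point1.x
  return nil if run == 0          # vertical line: the slope is undefined
  Rational(point2.y - point1.y, run)
end

def slope_demo
  a = Point.new(10, 15)
  b = Point.new(20, 21)
  c = Point.new(10, 40)           # directly above a
  { truncated: truncated_slope(a, b),
    exact:     slope(a, b),
    as_float:  slope(a, b).to_f,
    reversed:  slope(b, a),       # same line, points swapped
    vertical:  slope(a, c) }
end

p slope_demo
```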

Conclusion 

Now this rounds out our Ruby knowledge and will make
integrating with Cocoa much easier. While Python and Perl
also have bridges to Obj-C and access to Cocoa, only Ruby
can claim a lineage similar to Objective-C. Cocoa requires
setters and getters in the form of accessors, so, this pattern is
important, as it translates directly into the ability to work with
Cocoa classes from Ruby. While Python can emulate this, one
doesn't typically create setters and getters in pure Python
code (as it's not required).

Media of the month: I'm currently reading Mobilize:
Strategies for Success from the Frontlines of the App
Revolution, by Rana June Sobhany. While Rana is currently
known as the "iPad DJ," she has a great story as to how she
got there. With a developer background and someone that
had apps on the App Store from day-one, Rana has a great
perspective on how to capitalize on the mobile app
"revolution." The book is also graced with many names you
should recognize.

Until next month, like I’ve said before, get some more 
Ruby practice in on your own and don’t be afraid to 
experiment!

Gaming Under Parallels Desktop 6

20 popular Windows games. How playable are they?

by Neil Ticktin, Editor-in-Chief


Gaming Under Virtualization

One of the questions that we regularly get at MacTech is
about running games in virtualization. Which games work well,
how well they run, and what they look like are all common
questions.

Over the past several weeks, we took a look at some of the
most popular games. Based on ratings by IGN and other web
sites, popularity, and more, we selected 20 games to evaluate using
Parallels Desktop 6 for Mac. To test this, we assembled a team of
game players and evaluated the playability of the game (not the
game itself), measured frames per second, and attempted to video
capture each one. The combination of these things will give game
players a solid idea of what they are in for when playing these
games under virtualization.

The Test Bench

All the tests were run on MacBook Pros running Mac OS X
10.6.5. The MacBook Pros have the benefit of a faster processor
and additional graphics processing power.

4 GB MacBook Pro, Intel i5 processor ("Unibody MacBook
Pro")

Specifically: MacBook Pro 15.4 in 2.53 GHz i5 4 GB/500
GB

The virtual machine was set up with Windows 7 and all
current updates, 1.4 GB of virtual machine RAM, and 2 virtual
CPUs. If the game would allow us to easily do so, we typically
configured them to play in full screen mode.

Scores And Measurements

As our testers evaluated each game, they gave a score of
playability. Since this type of scoring is subjective, we averaged
the testers' scores for consistency. The games were scored
according to the following scale:

1-3: Game not playable
4-6: Game playable but with significant issues
7-9: Game playable but with minor issues
10: Game a great playable experience

With that in mind, this is how our selected 20 games performed.
25% of the games were a great playable experience. Another 50%
of the games were playable, but had minor issues. 15% were
playable with significant issues. And, only 10% were not playable
at all. When you consider what is going on under the hood
(games being played under virtualization), these are astounding
results.

Game a great playable experience

Elder Scrolls IV: Oblivion
Empire: Total War
Enemy Territory: QUAKE Wars
MS Flight Simulator X: Gold Edition
Transformers: War for Cybertron

Game playable but with minor issues

Borderlands Game of the Year Edition
Battlefield Bad Company 2
Crysis
Lara Croft and the Guardian of Light
Batman Arkham Asylum
Crysis Warhead
Call of Duty 4: Modern Warfare Game of the Year Edition
Mass Effect 2
Dirt 2
Far Cry 2

Game playable but with significant issues

BioShock 2
Call of Duty: Black Ops
Call of Duty: Modern Warfare 2

Game not playable

Fallout: New Vegas
World in Conflict


Game Name                                                Frames per Second  Average Playability Score
Batman Arkham Asylum                                     27.12              7.5
Battlefield Bad Company 2                                28.58              7.0
BioShock 2                                               18.82              5.0
Borderlands Game of the Year Edition                     28.61              6.5
Call of Duty 4: Modern Warfare Game of the Year Edition  29.42              8.0
Call of Duty: Black Ops                                  5.27               4.0
Call of Duty: Modern Warfare 2                           8.50               5.0
Crysis                                                   29.15              7.0
Crysis Warhead                                           18.57              7.5
Dirt 2                                                   29.17              8.3
Elder Scrolls IV: Oblivion                               48.65              10.0
Empire: Total War                                        70.28              10.0
Enemy Territory: QUAKE Wars                              29.93              10.0
Fallout: New Vegas                                       n/a                1.0
Far Cry 2                                                31.87              9.0
Lara Croft and the Guardian of Light                     16.33              7.0
Mass Effect 2                                            33.12              8.0
MS Flight Simulator X: Gold Edition                      15.02              10.0
Transformers: War for Cybertron                          18.87              10.0
World in Conflict                                        n/a                1.0


Additional Measurements

For performance, we used a "Frames Per Second"
measurement as determined by FRAPS (a Windows tool
with low overhead on measurements which we've seen
work well for this type of testing). The FPS measurements
were taken over 60 seconds and tested multiple times.
The most representative FPS score was taken.

Individual Game Notes

For each game we tested, our team commented on
the playability of each game, in addition to the rating and
video captures. These comments are typically the issues
to expect, and the games are playable otherwise.

Batman Arkham Asylum (27.12 fps, 7.5 playability score)

General: The game looks excellent. Moving around
is smooth, has good gameplay, and is easy to control the
players.

Caveats: The game has occasional lag which, at
times, can be significant but is typically not a big deal.
This is especially the case when loading new areas.
Combat is a bit choppy but playable. The longest pauses
typically happen before moves that break to a cut scene.

Battlefield Bad Company 2 (28.58 fps, 7 playability score)

General: The game is very playable, though can
sometimes be slow.

Caveats: At times, slower frame rates result in some
difficulty in aiming, but it's relatively minor. Cut scenes
usually end with a lag as they switch out.

BioShock 2 (18.82 fps, 5 playability score)

General: While the character is walking around, the
frame rate is solid.

Caveats: Frame rate slows during some cut scenes. There are
major frame rate issues with intense action sequences reducing the
playability of this game.

Borderlands: Game of the Year Edition (28.61 fps, 6.5 playability score)

General: Game play is smooth with only a little bit of lag here
and there. At first, we found it difficult to set up resolutions and
settings to properly display, but we were ultimately able to figure
it out.

Caveats: After wrestling with it a bit, we were able to have the
game take up most of the screen, but the colors were completely
incorrect and much of the screen was white or washed out
(somewhat monochromatic). Graphics details were fine however.

Call of Duty 4: Modern Warfare Game of the Year Edition (29.42 fps, 8 playability score)

General: The transitions between scenes were noticeably
good. Most of the time the game played with very little lag, flowed
very well, and had strong frame rates.

Caveats: There were times the lag was substantial. In these
cases, if we restarted the game, it returned to excellent game play
and fluidity of movement.

Call of Duty: Black Ops (5.27 fps, 4 playability score)

General: Game was borderline unplayable with frame rates
regularly below 3 frames per second.

Caveats: Combat was impossibly laggy at times with
substantial delays in shooting, moving, and controlling the player.

Call of Duty: Modern Warfare 2 (8.5 fps, 5 playability score)

General: The game worked, but had a great deal of lag.

Caveats: It took a long time to start the campaign. Cut scenes
were at normal speed, but there was a great deal of lag when
moving. It took a while to transition to and from the main menu,
and it was difficult to aim.

Crysis (29.15 fps, 7 playability score)

General: Very playable. When looking at the video, take note
that the screen capture for the video shows lag, but the video
capture made the lag much worse than it otherwise was.

Caveats: At times gets laggy and seems to pause. If you like
what you see in the video, you'll be pleased with the game, as
that's the worst-case scenario.


Crysis Warhead (18.57 fps, 7.5 playability score)

General: Played well. Like the original Crysis, video screen
capture made the lag worse, so take that into consideration when
looking at the video.

Caveats: At times, the game would show black for a short
period of time, and then return to normal.

Dirt 2 (29.17 fps, 8.3 playability score)

General: Cut scenes played well. Typically, the controls
worked well and the graphics had minimal lag.

Caveats: At times during gameplay, frame rate would drop to
15-20 frames per second and controls were occasionally
unresponsive and graphics would lag.

Elder Scrolls IV: Oblivion (48.65 fps, 10 playability score)

General: Overall, very solid gameplay. The frame rate was
more consistent than on an Xbox 360.

Caveats: None.

Empire: Total War (70.28 fps, 10 playability score)

General: Worked perfectly.

Caveats: None.

Enemy Territory: QUAKE Wars (29.93 fps, 10 playability score)

General: The game played absolutely flawlessly.

Caveats: We couldn't get it to play in full screen mode.

Fallout: New Vegas (n/a fps, 1 playability score)

General: Unplayable.

Caveats: Loads and shows cut scenes, but when game is
about to start, mouse stops working and application quits with
"FalloutNV has stopped working" error.

Far Cry 2 (31.87 fps, 9 playability score)

General: Colors and graphics look great, and it played
smoothly most of the time.

Caveats: There was some lag at times.

Lara Croft and the Guardian of Light (16.33 fps, 7 playability score)

General: Plays fairly well, but there are minor lags fairly often.

Caveats: Occasionally, the lags become more severe and the
game will lock for a few seconds.

Mass Effect 2 (33.12 fps, 8 playability score)

General: Ran fairly smoothly and consistently.

Caveats: At times there was lagging in action sequences.

MS Flight Simulator X: Gold Edition (15.02 fps, 10 playability score)

General: The game was very playable and consistent, despite
the frame rate being only 15 frames per second. The controls
worked quite nicely.

Caveats: None related to game play. We were unable to do
a video capture on this game, but we don't consider this an issue
and is not related to performance.

Transformers: War for Cybertron (18.87 fps, 10 playability score)

General: Looked perfect. Played impeccably.

Caveats: None.

World in Conflict (n/a fps, 1 playability score)

General: Didn't work at all.

Caveats: See general.

Conclusion 

Clearly, if you are a hardcore gamer, for the maximum gaming
experience, you are going to turn to a souped up WinTel machine
tuned specifically to gaming, and running a game in virtualization
is not a consideration.

If, however, you are a casual gamer looking to enjoy a
Windows game and avoid the hassles of booting in native
Windows under Apple's Boot Camp, then playing a Windows
game under virtualization can be a great option.

Remember, you can set up your virtual machine to use the
Boot Camp volume. This means that you can boot under
Windows when you can do without the Mac OS, and want the
maximum Windows performance. Also, you can have the
advantages of virtualization and still use the Boot Camp volume.
One benefit to Parallels Desktop 6 is that you have the choice of
being able to suspend a virtual machine even on a Boot Camp
volume. (Of course, Boot Camp won't be happy if you don't shut
it down first in Parallels before trying to boot again in Boot Camp.)

Of the 20 games we tested, about three quarters of the games
played well (meaning a playability score of 7 or more). A quarter
of the games played so well you forgot you were in virtualization.
If that's not impressive, I don't know what is.




Special thanks to our game testers: Mike Ambrose, Keegan Fitzpatrick,
Adam Ginei), Max Shapiro, and Jordan Ticktin.

Extending Classes with Categories

Exploring Objective-C's way of making classes richer, without subclassing

Introduction

As an object-oriented language, Objective-C gives developers
the ability to extend a class through the classical object-oriented
model of inheritance. Inheritance is a time-tested means of bringing
additional functionality to our classes, and most of the time, it is the
appropriate and expedient choice. However, Objective-C has
another, and some might say more convenient, technique of
extending a class. In this month's Developer to Developer, we'll
explore the concept of categories and how we can use this
alternative to subclassing to add and extend our own classes.

Why Categories?

The vintage phrase "the right tool for the job" certainly comes
to mind when considering one particular approach of class
extension over another, and this is no less true with subclassing vs.
categories. While the classical inheritance model has its own set of
benefits, categories bring specific advantages to the table, and are
useful in their own right. Let's look over the advantages of
categories:

1. Categories allow you to extend an existing class's methods
   without the need to create a new subclass.

2. Any added methods are immediately available throughout the
   application.

3. Classes that you don't have the source code to can be
   extended with categories.

4. Categories avoid some of the problems that come with
   subclassing certain classes.

The ability to add methods to a class without subclassing, and
having those methods immediately available throughout an
application, is a powerful technique. It means that other parts of
your application, and even code that you don't have the source to,
can take advantage of extensions or changes to a particular class's
methods.

An important distinction between categories and subclassing
is in the declaration of variables. While variables can be declared
in a subclass, categories have no such luxury. Categories extend a
class' methods only. However, category methods may certainly
access variables available to the class it is extending.

Let's look at point 4 above a little more closely. In certain
cases, subclassing certain Apple-supplied Cocoa classes requires
special consideration. Classes like NSString, NSNumber and
NSDictionary can be subclassed, but may require a subset of their
methods to be re-implemented. Faced with the additional work to
subclass these classes, and depending upon your requirements and
needs, you may find that categories are a much less resistant path
of choice.

The Anatomy Of A Category

Defining a category is quite similar, in fact almost identical to,
defining a subclass, as evidenced by the representative two-file
pattern of interface (.h) and implementation (.m). The header file
holds the interface section, and the implementation file holds the
implementation and actual code.

The header file, like a typical Objective-C interface header file,
contains the declared method signatures for the category. All of the
methods listed in the header file that are expected to be
implemented in the accompanying implementation, or .m file, are
listed here. Unlike a class interface declaration, however, a category
interface declaration has an additional piece of information: the
category name.

#import "MyGreatClass.h"

@interface MyGreatClass ( MyNewCategoryName )

/* place your method signatures here */

@end

The category name above, MyNewCategoryName, is 
surrounded by parentheses and follows the class that it is 
extending. This name is for the compiler's use and tracking; you 
can choose whatever name you like, but it must be unique and not 
collide with other category names. 

The implementation file carries the same pattern that is 
familiar to Objective-C developers, and similarly extends the syntax 
of the class implementation to include the same category name that 
was specified in the header file: 

#import "MyGreatClass+MyNewCategoryName.h" 

@implementation MyGreatClass (MyNewCategoryName) 

/* define your methods here */ 

@end 
This is the basic anatomy of a category 
interface/implementation file pair. The actual naming of both the 
implementation and interface files themselves follows a distinct and 
well-used convention: the plus (+) sign is sandwiched between the 
class name being extended and the category name being defined, 
as in MyGreatClass+MyNewCategoryName.h and 
MyGreatClass+MyNewCategoryName.m. By using this convention, we 
can see at a glance (a) that this is a category, (b) the name of the 
class being extended, and (c) the name of the category. 

Putting Categories To Use 

To illustrate the use of categories, let's extend the NSString 
class to add a couple of useful methods not currently available. As 
classes go, NSString has a good deal of functionality, but having a 
few convenience methods would be helpful. Specifically, let's 
extend the class by adding methods to capitalize the first letter of 
the first word, and to do the reverse, namely uncapitalize the first 
letter of the first word. The contents of the interface file named 
NSString+CapitalizedAdditions.h are below: 

#import <Foundation/Foundation.h> 

@interface NSString (StringAdditions) 

// Returns a copy with only the first character capitalized. 
- (NSString *)capitalizedStringFirstWordOnly; 

// Returns a copy with only the first character lowercased. 
- (NSString *)uncapitalizedStringFirstWordOnly; 

@end 

Following the declarations in the interface file is the 
implementation file: 

#import "NSString+CapitalizedAdditions.h" 

@implementation NSString (StringAdditions) 

- (NSString *)capitalizedStringFirstWordOnly 
{ 
    // An empty string has no first character; the range (0, 1) would raise. 
    if ([self length] == 0) return self; 
    return [self stringByReplacingCharactersInRange:NSMakeRange(0, 1) 
        withString:[[self substringToIndex:1] capitalizedString]]; 
} 

- (NSString *)uncapitalizedStringFirstWordOnly 
{ 
    // Same guard as above for the empty string. 
    if ([self length] == 0) return self; 
    return [self stringByReplacingCharactersInRange:NSMakeRange(0, 1) 
        withString:[[self substringToIndex:1] lowercaseString]]; 
} 

@end 

And by simply using a combination of several preexisting 
NSString methods, 
stringByReplacingCharactersInRange:withString:, 
substringToIndex: and capitalizedString, we have 
created an entirely new set of methods which can be used 
anywhere in our application. 

The above example extends the NSString class cleanly and 
easily. No subclassing is performed. Any part of your program can 
now use these two methods with any NSString object that they may 
have access to. How convenient is that? 

You can probably think of other commonly used classes that 
could benefit from such extensibility. 
Things To Be Aware Of 

Categories are useful and have their place in the developer's 
tool belt, but there are certain caveats that you should be aware of 
when defining and using categories: 

While a category method can override a method of the same 
name in the class being extended, the category method cannot call 
that overridden method. This behavior is different in subclassing, 
where the method in a subclass can call the overridden method in 
its super class by referencing the super keyword. 

As noted earlier, categories can only extend a class's methods 
and not its instance variables. 

Pay particular attention when using categories to override a 
method of an existing class with the same signature. Remember that 
the addition of a category method is, in effect, a global change. All 
other parts of your application that use that class are impacted. If 
you do not preserve the functionality of the original method that 
you are overriding, you are radically changing behavior, and that 
may cause problems for other parts of your application. In short, 
don't override a class's method with a category method unless you 
are certain that you can duplicate the functionality, or you have 
assessed the full impact of the change and can live with the results. 

Summary 

As common language features go, categories are a rather 
unique way to extend existing classes. They provide a different 
means than traditional inheritance to extend a class's functionality 


Categories are not a complete replacement for the inheritance 
model for Objective-C; they merely provide another mechanism to 
extend class behavior. 

There are many good online resources and tutorials that go 
into the nuances of Objective-C categories. I would encourage you 
to read them and to consider putting this powerful piece of class 
extension to work in your applications. 
Consultant Cowboy 

by Ryan Wilcox 

Pricing Consulting Services 

Pricing is hard, let's go shopping! 

Introduction 


The article deals with pricing your services as a freelancer. 
Pricing is a delicate balance of four things: your budget, money 
considerations, your current expenses and your future dreams. 

No matter if you bill hourly, by project, or by weeks, how 
you price yourself is essential. Too little and you run out of 
money at critical times. Too much? You're too expensive for 
your clients to afford... but too little and your clients may 
assume you're a minor league player and ignore you (in the 
"worth the money we paid for it: paid a little, and it was worth 
only a little" mindset). 

Pricing is a delicate balance that you'll probably always be 
tweaking... because everyone else in the world is too. Utility 
prices go up, but something else goes down. Your dollar 
doesn't go as far at the store this year as it did compared to last 
year, etc. Maybe your business started going in a direction you 
didn't expect, and that changes how you price things. 

Your Business Budget 

Here's my super simple budget for businesses. This can be 
adjusted a little, but it's close enough to reality (in the USA, 
anyway) that there's not much room to tweak: 

Your monthly income should be divided two ways: 

• 40% to Federal, State and Local taxes 

• 60% to yourself to pay bills, etc 

Plan B is (40% for taxes, 20% for business 
savings/emergency fund, and 40% for yourself), but you see 
where I'm going here. 

So, if you make $5,000 a month, Uncle Sam pockets $2,000 
and you take $3,000 to live. 

Yes, some months you might not be able to pay yourself. 
HOWEVER, paying yourself regularly is an excellent habit to 
get into. 

The more formulaic (or budgeted) you can get your 
monthly invoices the less you'll have months when your whole 
income that month goes to pay the quarterly tax bill that's due. 
Been there, done that, it's no fun. 

Of course, sometimes invoices don't come in when you 
expect them to, or clients run out of money and cancel your 
services. Cash flow is an important topic, but one for another 
article. 

40% to Taxes 

The 40% number is too high (it is 40% of all money coming 
in, and not profit, for example). It is also a naive calculation of 
the US tax code (it assumes all your money is taxed at 40%, 
which it's not because of the sliding tax rate scale and various 
deductions). 

However, it's high for a reason: the 40% is a buffer, and this 
is useful in a variety of ways. For example, this buffer money 
would take care of any money you still owe at the end of the 
tax year. It also will help in bad times, when you're late on your 
taxes: you have extra money coming in to your tax account 
which will help pay off the previous quarter's taxes. 

In good times you'll have money in that account at the end 
of the year (forced savings, if you will). 

If you're an employee currently, looking to quit your job 
and become a consultant cowboy: don't dismiss this number 
out of hand. Take a look at your paystub every week and see 
exactly how much (percentage wise) is taken out of your 
paycheck. Also, as a self employed person, you'll have one or 
two tax hits that everyone else doesn't have, the first one being 
the "self employment tax" of an additional 6.2% on your 
earnings. 

As an employee, per IRS tax code (the spec), you pick up 
6.2% of your Social Security, and your employer picks up the 
other 6.2% of your Social Security. When you're self-employed 
you are your own employer. 

Even accounting for those facts, the tax savvy among you 
might think that 40% is high. It is, but on purpose, and for two 
reasons. First, the math is easy to do (it's gotta be easy or you 
won't do it, AND having a solid easy to figure out number like 
this fits right into your business budget — just mark that 40% 
in your budget as taxes and don't worry about it). 

It's important to have this in a separate account, 
ideally one that you tap into only for taxes. In practice, there will be 
lean times you'll have to tap into this account to pay, say, rent. 
I like finding a good high interest checking/savings account 
and putting my money there; let Uncle Sam's money earn 
money for me for a while. 

If you get any rebate back, ideally you'd put that money 
back into this account. 

60% to yourself 

Under this strategy you now have 60% of revenue to pay 
yourself. 
As mentioned in previous articles, it's good (almost 
essential) to have a personal budget here. If you know what 
kind of expenses you have every month, and what kind of 
lifestyle you have, this goes a long way. 

You'll want to make sure you also have an emergency fund 
— while the business having one is an excellent idea, it will (a) 
take a while to build and (b) a second emergency net is a very 
good idea. 

My suggestion is to write out a budget and additionally list 
every source of emergency income and how many months of 
the bare essentials it will last. 

There are certain ways to optimize your budget: getting rid 
of TV, eating out less, or even changing where you live. If 
you’re not tied to a particular place, find a cheap place to live 
and live there. 

Finding a cheap place to live works great for people who 
can do remote work: your customers get a good deal because 
you can afford to charge half of what they might get in a city, 
and you get a good deal because you're still making more than 
average in your town. 

There may be a strategic advantage for you to stay in a 
large city (for example, if you do IT consulting and install 
network equipment 4 days a week). Maybe you do on-site 
consultancy work: your current project includes top-secret 
information that can't leave the building or involves 
expensive/bulky equipment. Large cities also mean potential 
contracts with city or government based organizations. 

If there’s no strategic advantage to being in the city, 
strongly consider getting out. I found an area with low cost of 
living when I started my business; my first 2 or 3 years were 
rough, and it was helpful to not have to spend that much 
money to live. 

Price for a 20-32 hour week 

When you're trying to figure out your price, you might sit 
down with an equation like this: 

(Desired income you need to pay your living expenses - aka 
your "salary") / (40 hours per week * 4 weeks in a month) = 
(hourly rate) 

Which would work great, except for one fact: you'll 
probably not bill the full 40 hour week. For the first 1-2 years, 
when I was still learning how to optimize my time for the 
business, I was billing maybe 30 hours a week (and still having 
a hard time with it!) 

Maybe you have some restrictions (this is your night job, or 
you volunteer every Thursday at the YMCA, or you have small 
children in the house and have to watch them several days 
during the week). Maybe you have other, long term 
responsibilities, and these all need to come into play when you 
think about how many hours per week you could bill. 

Also, the tasks related to a business (business 
development, marketing, figuring out how you do things) take 
time, and will take even longer when you're starting up. Even 
now I assume that I'll spend one day on non-billable tasks 
(related to the business or even doing more personal things: 
bills, fixing things that need fixing, etc). 

Earlier in this series I suggested assuming you'll bill 20 
hours a week, which is a good number for the first 2-3 years, 
when you're still building. This number is also low for another 
purpose: it'll probably take time when you wrap up one project 
and go looking for another: you need to save for lean times 
like that. Depending on how you work (lots of small jobs for 
small numbers of hours per week, vs. one big job for 30-40 
hours a week) this number can vary some. 

Returning to our equation: 

(Desired income you need to pay your living expenses) / (20 
hours per week * 4 weeks in a month) = (hourly rate) 

$50,000 a year in living expenses (aka: salary) would mean 
$4,166 per month. 

So: 

($4166 salary) / (20 hours per week * 4 = 80 hours) = $52 
per hour. 

Now, this is only part of the equation. We've only covered 
half of my 40% taxes / 60% budget... the good part. Now the 
amount you need to save for taxes: 

$52 / .6 = $86 an hour 

Which gives you your chunk (60%, or $52 / hour) and 
Uncle Sam his chunk (40%, or $34.66 / hour). 

But wait, that’s not all: as a small business you have extra 
expenses you might not have had if you are coming from being 
an employee. 

Your Expenses 

Out of that 60% come the obvious expenses: rent, bills, 
etc. For a consultant cowboy there are expenses you might not 
think about. Now, everyone will have different expenses, 
depending on your own personal tastes, situation, and billing 
practices... but here are some common ones. 


Insurances 

Health Insurance: with no employer, you're the one now 
directly purchasing your health insurance. Things have 
changed, or will change, with President Obama's health care 
reform bill, so see an insurance professional here. 

If you're reliably healthy, a health savings account with 
high deductible might be the ticket for inexpensive coverage. 
From the doctor's perspective it works just like regular 
insurance with a high deductible ($2,000-4,000... so yes, it 
could get pricy). From your perspective, there's an added bonus 
of it being also a savings account: saving for that eye surgery? 
This might be the way to do it. 

These have a big disadvantage (the deductible being so 
high: you'll be paying for most doctors' visits essentially by 
yourself), but this is great "fall down and break your leg" 
insurance: you'll get hit with some of the bill, yes, but insurance 
will take care of the rest. 

Again, I'm not an insurance professional, I'm just sharing 
what worked for me. This might not work for you: see someone 
who really knows what they're talking about. 

Life Insurance: With no employer covering your 
insurances, you need to take care of this one yourself too. Life 
insurance is a morbid topic, but I want to make sure all my 
debts can be paid off, and my family given some money, if I 
do pass early. 

I really like the life insurances where you can borrow 
money from, then pay it back over time. It'll take 3-5 years to 
amass any sort of balance, but being able to borrow money 
from my life insurance has been helpful for me on at least two 
occasions. 

Retirement 

Probably the best dream to have is the one most 
grounded in reality: money for retirement. Going it on your 
own means you no longer have a 401K, or IRA, set up by your 
employer. In the US we have Social Security, but that's meant 
to provide money to meet basic needs like shelter, food and 
clothing. It would be purely irresponsible to assume that 
Social Security will be enough income to sustain you through 
your retirement. 

Talk to a financial advisor here and set up financial plans 
to enable you to live well in your old age. Even if this is a 
while off, an early start on retirement could mean the 
difference of a million dollars or more (thanks to 
compounding interest, etc etc). If you're closing in on 
retirement age, you really need to think about this, and make 
a big line item in your own personal budget for this. 

Even if you plan on working (or consulting) part time 
during your retirement (just scaling back hours, for example), 
that also should only be part of your retirement plan. 

Travel / Conferences 

If you do any travel because of your business, you have 
to factor that in too. Maybe your invoice includes expenses, 
or you eat them as cost of doing business (which would 
reduce your taxable income). 

A disadvantage of being a consultant cowboy is that 
nobody pays for you to go to conferences anymore. As an 
employee your employer might send you to a conference or 
trade show for a week as part of a training budget. On your 
own you're suddenly the one paying those expenses - and 
taking time away from paid project work to do it. This 
combination is a double-whammy, and something that 
deserves planning for. 

Equipment 

Programmers have it easy: in one way our work is pure 
profit: taking ideas and converting them into bits on a 
computer: nothing required except a computer. (Although this 
should be on your radar: every 4-5 years buying a new 
computer. I like having two machines and planning to keep 
one for 3 years and one for 5 years. This lets me have a 
reasonably up to date machine while also optimizing 
expenses). 

Other types of consultant cowboys aren't as lucky: for 
example, computer sales, installation, IT services, etc: in 
addition to the labor involved there's also the cost of parts. 
Now there's profit margin involved: how much do you need 
to make on the sale of each thing to cover your own bills? 

These issues shouldn't be ignored if you're in that 
industry. I recommend finding a good book, resource, mentor, 
or business consultant to help with these kinds of questions. 
Shrinkage 

Shrinkage in retail means products that have "walked off" 
in various ways: shoplifting, employee theft, shipping 
damages, etc. Cowboy consultants also have shrinkage, and 
need to be mindful of it. 

Your hourly pricing needs to account for the following 
factors of shrinkage: 

• Time you spent doing business development: 
increasing awareness of your business, talking to leads, 
etc 

• Time you spend doing bids for projects that didn't 
come through 

• Times where you want to take non-traditional payment 
for part of (the right) project 

• Projects where you went over budget for a project and 
took a loss on a project 

• Projects where you had to hire additional help for a 
project 

• Making less money than you expected on a project 
because you had to pull in extra help in the form of 
subcontractors etc 

• Projects where the client runs out of money mid project 

• Client takes your work and runs 


Some of these are risks we can reduce with good billing 
practices (coming in a later article!), and some of them are 
business development required to stay in business. 

Conclusion 

There's more to cover here: a lot more. Next month's 
article will focus on more of these pricing issues. There's 
much variation here: how many hours per week you're 
working, how much you can charge, how much you need to 
charge, and what you want out of the business itself. While 
this article has gotten you started on how to figure out your 
hourly rate, it's also something you're going to have to revise 
- initially every few months, then at least yearly, or when 
significant life-events happen (marriage, new child, etc). 

Until next time, see you, consultant cowboy! 
An introduction to WireShark 

The graphic-interface protocol analyzer 

by Mihalis Tsoukalos 


Introduction 

In June 2006, Gerald Combs, the creator of the Ethereal 
package, renamed it to WireShark as he changed his job and 
could not use the old name anymore. Nowadays, most people 
use WireShark and Ethereal is just history! This article will 
introduce you to WireShark, which is a very popular and capable 
open source network protocol analyzer. 

You may ask what makes WireShark different apart from 
the fact that it is free? Why not use tcpdump? The main advantage 
of WireShark is that it is a graphical application. Figure 1 shows 
WireShark running on a Mac. 



Figure 1: WireShark running for the first time 

Running WireShark and basic Usage 

The WireShark version that is going to be used in this 
article is from the MacPorts Project and has the following 
characteristics: 

$ wireshark -v 
wireshark 1.4.1 

Copyright 1998-2010 Gerald Combs <gerald@wireshark.org> and contributors. 
This is free software; see the source for copying conditions. There is NO 
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 

Compiled with GTK+ 2.22.0, (64 bit) with GLib 2.26.0, with libpcap 1.1.1, with 
libz 1.2.5, without POSIX capabilities, without libpcre, without SMI, with 
c-ares 1.7.3, without Lua, without Python, without GnuTLS, without Gcrypt, with 
MIT Kerberos, without GeoIP, without PortAudio, without AirPcap. 

Running on Darwin 10.5.0 (Mac OS 10.6.5), with libpcap version 1.1.1, with libz 
1.2.5. 

Built using gcc 4.2.1 (Apple Inc. build 5664). 

To install this version of Wireshark, install the latest 
MacPorts from http://www.macports.org and then issue the 
commands: 

sudo port selfupdate 
sudo port install wireshark 

The Wireshark download, compile and install sequence 
will take some time (a few hours, depending on your machine). 

A simpler option is to download a precompiled 
binary from http://www.wireshark.org/download.html. Either the 
MacPorts or precompiled version will work just fine for 
following along in this article. 

WireShark requires X11 (a.k.a. XWindows) in order to run, 
but you are lucky as Mac OS X comes with XWindows. 
If you run WireShark as a normal user, you will not be able 
to use any network interfaces for capturing network traffic due 
to UNIX permission reasons. I find it more convenient to run 
WireShark as root (sudo wireshark) when capturing data and as 
a normal user when analyzing network data. When running 
WireShark as root, it displays the warning message shown in 
Figure 2. 



Figure 2: WireShark's warning when running as root 


After running WireShark as root, you will be able to see the 
list of the available network interfaces. In my case, the Network 
Interface List is shown in Figure 3. Please note that not all the 
displayed interfaces are in use. 



Figure 3: The available network interfaces (Interface List) 


You can compare Figure 3 to Figure 1 and see that in 
Figure 1 WireShark displays no network interfaces. If you try to 
start capturing network traffic without first selecting a network 
interface you will get an error message similar to what Figure 4 
shows. 


"You didn't specify an interface on which to capture packets." 

Figure 4: Trying to capture network data without a network interface 


The easiest way to start capturing network packets is 
by clicking your preferred interface as shown in Figure 3. 
Then WireShark will be populated with data similar to 
Figure 3. If you know nothing about TCP, IP or UDP you 
may find the output difficult to read or understand. The next 
article in this WireShark series will go into more detail on 
that, and it will not be that difficult. 

In order to stop the capturing process you must select 
Capture and then Stop from the menu of WireShark. 
Alternatively, you can press the fourth icon from the left, the 
one with the white x with the red background. This button 
can only be pressed while you are capturing network data. 



Figure 5: WireShark is running! 


Using the described method to start capturing you 
cannot change any of the default WireShark Capture 
Options. You can see the Capture Options by selecting 
Capture and then Options from the menu. You can see the 
available options in Figure 6. 

There you can select the Interface (en0), see your IP 
address (192.168.1.10), apply any Capture Filter (in this case 
there is no Capture Filter), put your network card in 
promiscuous mode, and save your capture data in one or 
multiple files (in this case the capture data is not being 
automatically saved). You can save your data afterwards but 
when capturing lots of data, it is considered a good practice 
to first save and then examine the captured network traffic. 
When you put your network card in promiscuous mode, you 
allow the network device to catch and read every network 
packet that arrives to it even if the receiver is another device 
on the network. Network packets still go to their initial 
receiver. 

You can also choose to stop packet capturing after a 
given number of network packets or a given amount of time 
or a given size of data (in bytes). 

Figure 6: WireShark Capture Options 


After a while some data was displayed as you can see in 
Figure 8. 



Figure 8: The captured packets 


WireShark Filters 

The network data that WireShark may display can be too 
much for a human to watch and understand, especially on busy 
networks. Usually, when using WireShark we want to examine 
a given problem or situation or even watch for unusual network 
activity. This means that it would be nice if the network traffic 
can be filtered at capture time, avoiding the creation of huge 
capture files. WireShark offers this capability, and this article 
section will show you how to achieve it. 

First, back in Capture Options you write your filter in the 
Capture Filter field. In this case, I wanted to capture traffic from 
and to the 208.67.222.222 IP address which is an OpenDNS 
server. A practical reason to do so is that you heard that this 
particular DNS server is either down or has been deleted and 
you want to know if anyone from your network is still using it. 



Figure 7: Capturing the traffic of the 208.67.222.222 IP address 
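
The same question (who on the network still talks to 208.67.222.222?) can also be answered offline from a saved capture. The following is an added example, not code from the article or from the Wireshark project: it reads a classic libpcap file and keeps the IPv4 packets that the pcap-filter expression "host 208.67.222.222" would select, then counts them per peer. The function names are hypothetical, the sample capture is constructed inside the script, and 192.168.1.23 and 192.168.1.1 are made-up addresses.

```python
import ipaddress
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
# Magic numbers of the classic libpcap format as seen when read little-endian:
# microsecond and nanosecond variants, written little-endian or big-endian.
MAGIC_LITTLE = {0xA1B2C3D4, 0xA1B23C4D}
MAGIC_BIG = {0xD4C3B2A1, 0x4D3CB2A1}


def iter_frames(pcap_bytes):
    """Yield each captured frame from a classic libpcap file."""
    if len(pcap_bytes) < 24:
        raise ValueError("file too short for a libpcap global header")
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic in MAGIC_LITTLE:
        endian = "<"
    elif magic in MAGIC_BIG:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_frac, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        offset += 16
        frame = pcap_bytes[offset:offset + incl_len]
        if len(frame) < incl_len:
            break  # last record was cut off, e.g. capture stopped mid-write
        offset += incl_len
        yield frame


def ipv4_endpoints(frame):
    """Return (src, dst) for an untagged Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    return ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34])


def clients_still_using(pcap_bytes, server):
    """Count packets per peer address exchanged with `server`."""
    # Raises ValueError for an impossible address such as 192.168.257.10.
    target = ipaddress.IPv4Address(server)
    peers = Counter()
    for frame in iter_frames(pcap_bytes):
        endpoints = ipv4_endpoints(frame)
        if endpoints is None:
            continue  # not IPv4 (ARP, IPv6, ...) or too short
        src, dst = endpoints
        if src == target:
            peers[str(dst)] += 1
        elif dst == target:
            peers[str(src)] += 1
    return dict(peers)


def build_frame(src, dst, ethertype=ETHERTYPE_IPV4):
    """Constructed test frame: Ethernet + IPv4 + empty UDP datagram to port 53."""
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return macs + struct.pack("!H", ethertype) + ip + udp


def build_pcap(frames):
    """Wrap constructed frames in a little-endian, microsecond libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for seconds, frame in enumerate(frames, start=1300000000):
        out += struct.pack("<IIII", seconds, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample capture (not real traffic).
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", "208.67.222.222"),
    build_frame("208.67.222.222", "192.168.1.10"),
    build_frame("192.168.1.23", "208.67.222.222"),
    build_frame("192.168.1.10", "192.168.1.1"),
    build_frame("192.168.1.23", "208.67.222.222", ethertype=0x0806),  # non-IPv4
])

if __name__ == "__main__":
    hits = clients_still_using(SAMPLE_PCAP, "208.67.222.222")
    for peer, count in sorted(hits.items()):
        print(peer, count)
```

Frames with a VLAN tag are skipped by this sketch, because the EtherType is then no longer at byte offset 12.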


Generally, Display Filters are considered more useful and 
versatile than Capture Filters because most of the time you do 
not know in advance what you will capture or want to examine. 
Nevertheless, applying filters at capture time can save you time 
and disk space and that is the main reason for using them. 

WireShark has a way of telling you if a Display Filter is 
syntactically correct or not. When the background turns to light 
green, then the filter is syntactically correct. When the syntax is 
erroneous, the background becomes pink. You can see both 
cases in Figure 7. The result of an inaccurate (yet syntactically 
correct) Filter at capture time is no captured data so you may 
recognize it the hard way. 



Figure 9: Syntactically right (up) and wrong (down) display filters 


What you can also notice in Figure 9 is that WireShark is 
smart enough to recognize invalid IP addresses such as 
192.168.257.10. The presented Display Filter displays only traffic 
that originates or goes to the 192.168.1.10 IP address. 
The good thing about both types of Filters in WireShark is 
that you can save them in order to have them at your disposal 
and not have to type them again which sometimes can be very 
tricky. 

The main difference between the two types of filters is that 
Capture Filters are activated before the capturing phase and 
Display Filters can be applied either during or after capturing. 
Display Filters can also be applied after reading a previously 
saved capture file. 

If you would like to learn more about Display Filters—and 
you should!—you must wait for a forthcoming article in the 
WireShark series that is devoted to explaining Display Filters in 
more detail. 

Network traffic 

Before going into more detail about WireShark, I will talk 
a little about network traffic in Ethernet networks that use the 
TCP/IP protocols. When we say TCP/IP we not only mean the 
TCP and IP protocols but many others including ARP, BOOTP, 
UDP, ICMP, FTP, etc. 

Information is transferred using packets. Each packet has a 
header and a body. The header contains information needed by 
the protocol whereas the body contains data. Many packets 
come and go all the time in an Ethernet network. 

Some protocols are reliable whereas some other protocols 
are not reliable, which means that they do not guarantee packet 
delivery; this is not always a problem but the application must 
deal with it if needed. 

WireShark, amongst other things, captures the packets, 
analyzes and displays them in a human readable format. Using 
WireShark, you can then follow a TCP/IP "conversation" 
between two computers, see the data of the packets, etc. Also, 
WireShark understands the different TCP/IP protocols. 

Capturing Network Traffic 

As you can easily see by the number of available protocols, 
there are many things going on, especially on busy networks. 
Before you start capturing, it is better to have a given issue in 
mind that you want to solve or examine. This is the first step 
for successful analysis of network traffic. 

Save, Open, Export, Merge and Print 

WireShark allows you to read and analyze already 
captured network data from a large number of file formats 
including tcpdump, libpcap, Sun's snoop, HP's nettl, K12 text 
file, etc. This practically means that you can read almost every 
kind of captured network data with WireShark while new file 
formats are frequently added. It is more likely that WireShark 
cannot read a file due to invalid packet types than WireShark's 
inability to read it! 
Similarly, WireShark allows you to save your network capture 
data in a variety of formats. You can see the available formats 
in Figure 10. 

Tip: you can even use WireShark to convert a file from a 
given format to another. 


Wireshark/tcpdump/... - libpcap 
Wireshark - nanosecond libpcap 
Modified tcpdump - libpcap 
tcpdump - libpcap 
RedHat 6.1 tcpdump - libpcap 
SuSE 6.3 tcpdump - libpcap 
Accellent 5Views capture 
HP-UX nettl trace 
Microsoft NetMon 1.x 
Microsoft NetMon 2.x 
NA Sniffer (DOS) 
NA Sniffer (Windows) 1.1 
NA Sniffer (Windows) 2.00x 
Network Instruments Observer 
Novell LANalyzer 
Sun snoop 
Visual Networks traffic capture 
K12 text file 
TamoSoft CommView 
Wireshark - pcapng (experimental) 

Figure 10: Supported formats for saving a file 


WireShark also allows you to merge a pre-captured file
with an existing file as you can see in Figure 11.

Figure 11: Merge with Capture File window


As you can see in Figure 11, you can merge using one of 
the following options: 

Prepend packets to existing file: add the packets of the 
selected file before the existing packets. 

Merge packets chronologically: merge the packets of the 
selected file with the existing packets in chronological order. 

Append packets to existing file: add the packets of the
selected file after the existing packets.

You can even export an existing file as a text file, using the
File -> Export menu option that can be seen in Figure 12. This
option is mainly for manually processing network data or using
it as input to other software.

Figure 12: The Export option


There is also an option to print your packets. I have never
used this option in real life work but it may be useful to print
packets and their contents for educational purposes.

Analyzing DNS traffic 

DNS queries are very common in TCP/IP networks. A DNS
query creates little traffic and therefore is an appropriate
example for learning purposes.

I ran the following command:

$ host -t ns mactech.com

mactech.com name server ns9.zoneedit.com.

mactech.com name server ns13.zoneedit.com.




Figure 13: A DNS query 


The two network packets were as follows:

No.  Time      Source        Destination  Protocol  Info
206  1.529812  192.168.1.10  195.170.0.1  DNS       Standard query NS mactech.com


Figure 13 shows the two packets that were generated in 
order to send the query and get the answer. 


Frame 206: 71 bytes on wire (568 bits), 71 bytes captured (568 bits)
Ethernet II, Src: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8), Dst: Arcadyan_8c:eb:27 (00:1d:19:8c:eb:27)
Internet Protocol, Src: 192.168.1.10 (192.168.1.10), Dst: 195.170.0.1 (195.170.0.1)
User Datagram Protocol, Src Port: 58460 (58460), Dst Port: domain (53)
    Source port: 58460 (58460)
    Destination port: domain (53)
    Length: 37
    Checksum: 0x8594 [validation disabled]
Domain Name System (query)
    [Response In: 218]
    Transaction ID: 0x26ed
    Flags: 0x0100 (Standard query)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mactech.com: type NS, class IN
            Name: mactech.com
            Type: NS (Authoritative name server)
            Class: IN (0x0001)

No.  Time      Source       Destination   Protocol  Info
218  1.575271  195.170.0.1  192.168.1.10  DNS       Standard query response NS ns9.zoneedit.com NS ns13.zoneedit.com

Frame 218: 117 bytes on wire (936 bits), 117 bytes captured (936 bits)
Ethernet II, Src: Arcadyan_8c:eb:27 (00:1d:19:8c:eb:27), Dst: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8)
Internet Protocol, Src: 195.170.0.1 (195.170.0.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: domain (53), Dst Port: 58460 (58460)
    Source port: domain (53)
    Destination port: 58460 (58460)
    Length: 83
    Checksum: 0x2cce [validation disabled]
Domain Name System (response)
    [Request In: 206]
    [Time: 0.045459000 seconds]
    Transaction ID: 0x26ed
    Flags: 0x8180 (Standard query response, No error)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mactech.com: type NS, class IN
            Name: mactech.com
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
    Answers
        mactech.com: type NS, class IN, ns ns9.zoneedit.com
            Name: mactech.com
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 51 seconds
            Data length: 15
            Name server: ns9.zoneedit.com
        mactech.com: type NS, class IN, ns ns13.zoneedit.com
            Name: mactech.com
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 51 seconds
            Data length: 7
            Name server: ns13.zoneedit.com

As you can see in Figure 13, a Display Filter (arp || dns) is
used to minimise the displayed data. The full DNS query required
two network packets (Frame 206 and Frame 218). The UDP (User
Datagram Protocol) protocol was used and the desired information
was sent back without any errors (the Flags information). You can
tell from the time difference (0.045459) between the DNS query
(1.529812) and the DNS answer (1.575271) that our DNS
services work fine because the response time is pretty quick. The
DNS server asked has the 195.170.0.1 IP address. The same DNS
server answered the DNS query, as its IP is the source of the second
packet. The Answer RRs: 2 line informs us that there were two
answers for our DNS query. You also see that the port used by the
DNS server is port 53 as expected. For the first packet, it is the
destination port and for the second packet, it is the source port.
In the forthcoming article about WireShark Display Filters, we
will continue to use DNS as an example, which will help you learn
in more detail how to deal with DNS problems.
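The checks made by eye above (same transaction ID, reply coming from the server and port that were asked, two answers, response time) can be reproduced in code. The following Python sketch is an added example, not part of the original article: it decodes DNS messages, including the name compression that explains the "Data length" values of 15 and 7, and pairs the response with its query. The function names are hypothetical and the two messages are constructed to mirror the fields shown for frames 206 and 218; they are not the captured bytes.

```python
import struct

TYPE_NS, CLASS_IN = 2, 1

def encode_name(name):
    """Encode a domain name as uncompressed length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]                      # IndexError on a truncated message
        if n & 0xC0 == 0xC0:              # 2-byte compression pointer
            if after is None:
                after = off + 2           # parsing resumes after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                      # root label ends the name
            off += 1
            break
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (after if after is not None else off)

def parse_dns(msg):
    """Parse the header, questions and answers of one DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!2H", msg, off)
        questions.append((name, qtype, qclass))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA runs past end of message")
        if rtype == TYPE_NS:
            data = read_name(msg, off)[0]
        else:
            data = msg[off:off + rdlen].hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl,
                        "rdlen": rdlen, "data": data})
        off += rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "questions": questions,
            "answers": answers}

def match_transactions(packets):
    """Pair each response with its query; return one record per response."""
    pending, done = {}, []
    for frame, t, src, sport, dst, dport, payload in packets:
        m = parse_dns(payload)
        if not m["is_response"]:
            pending[(m["id"], src, sport, dst, dport)] = (frame, t, m)
            continue
        # A valid reply reverses the query's addresses and ports exactly.
        hit = pending.pop((m["id"], dst, dport, src, sport), None)
        if hit is None or hit[2]["questions"] != m["questions"]:
            done.append({"response_frame": frame, "matched": False})
            continue
        done.append({"query_frame": hit[0], "response_frame": frame,
                     "matched": True, "rtt": round(t - hit[1], 6),
                     "rcode": m["rcode"],
                     "answers": [a["data"] for a in m["answers"]]})
    return done

# Constructed sample data mirroring the fields of frames 206 and 218.
QUESTION = encode_name("mactech.com") + struct.pack("!2H", TYPE_NS, CLASS_IN)

def ns_record(rdata, ttl=51):
    # Owner name is a pointer (0xc00c) to "mactech.com" at offset 12.
    return (b"\xc0\x0c"
            + struct.pack("!HHIH", TYPE_NS, CLASS_IN, ttl, len(rdata)) + rdata)

QUERY = struct.pack("!6H", 0x26ED, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!6H", 0x26ED, 0x8180, 1, 2, 0, 0) + QUESTION
            + ns_record(b"\x03ns9\x08zoneedit\xc0\x14")  # pointer to "com" at 20
            + ns_record(b"\x04ns13\xc0\x2d"))  # pointer to "zoneedit.com" at 45
PACKETS = [
    (206, 1.529812, "192.168.1.10", 58460, "195.170.0.1", 53, QUERY),
    (218, 1.575271, "195.170.0.1", 53, "192.168.1.10", 58460, RESPONSE),
]

if __name__ == "__main__":
    print("UDP lengths:", len(QUERY) + 8, len(RESPONSE) + 8)
    for record in match_transactions(PACKETS):
        print(record)
```

A response that arrives with no pending query for its transaction ID, address and port is reported with "matched": False, which is the case worth a closer look when examining DNS problems.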

Analyzing ARP traffic 

ARP is used for retrieving the MAC address of a device that
resides on the same subnet as the device that makes the ARP query.
Please note that devices residing on the same subnet find each
other using their MAC addresses and not their IP addresses. ARP is
a simple protocol that is mainly composed of an ARP request and
an ARP reply. ARP packets are carried directly in Ethernet frames,
with no IP or TCP header to hold an IP address, and therefore their
traffic is not routable (it cannot go from one subnet to another
subnet like Internet traffic).

For the purposes of this example, I turned on my network
printer (an HP OfficeJet 8500 with the static IP 192.168.1.25) in
order to get some ARP traffic on my network. As you can see in the
following packets, the printer made a Broadcast request in order
to learn the MAC address of my iMac (static IP: 192.168.1.10).

No.  Time        Source             Destination  Protocol  Info
376  127.086611  HewlettP_6f:8d:a7  Broadcast    ARP       Who has 192.168.1.10?  Tell 192.168.1.25

Frame 376: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan 11, 2011 11:28:53.776323000 EET
    Epoch Time: 1294738133.776323000 seconds
    [Time delta from previous captured frame: 0.000822000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 127.086611000 seconds]
    Frame Number: 376
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
        Address: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: False]
    Sender MAC address: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
    Sender IP address: 192.168.1.25 (192.168.1.25)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 192.168.1.10 (192.168.1.10)

No.  Time        Source          Destination        Protocol  Info
377  127.086624  Apple_f1:c9:e8  HewlettP_6f:8d:a7  ARP       192.168.1.10 is at 60:fb:42:f1:c9:e8

Frame 377: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
    Arrival Time: Jan 11, 2011 11:28:53.776336000 EET
    Epoch Time: 1294738133.776336000 seconds
    [Time delta from previous captured frame: 0.000013000 seconds]
    [Time delta from previous displayed frame: 0.000013000 seconds]
    [Time since reference or first frame: 127.086624000 seconds]
    Frame Number: 377
    Frame Length: 42 bytes (336 bits)
    Capture Length: 42 bytes (336 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8), Dst: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
    Destination: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
        Address: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8)
        Address: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
Address Resolution Protocol (reply)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (0x0002)
    [Is gratuitous: False]
    Sender MAC address: Apple_f1:c9:e8 (60:fb:42:f1:c9:e8)
    Sender IP address: 192.168.1.10 (192.168.1.10)
    Target MAC address: HewlettP_6f:8d:a7 (00:26:55:6f:8d:a7)
    Target IP address: 192.168.1.25 (192.168.1.25)

The first packet sends a broadcast asking for the MAC address
of the device with the IP of 192.168.1.10 and is sent by the HP
printer. You can see that the “Target MAC Address” is set to all zeros
as it is unknown. The return packet has both the “Sender MAC
Address” and the “Target MAC Address” fields set. The Opcode
0x0001 is an ARP request and the Opcode 0x0002 is an ARP reply.
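The fields walked through above map directly onto the 14-byte Ethernet header and the 28-byte ARP packet. The following Python sketch is an added example, not part of the original article: it decodes both frames, rebuilds the text of the Info column, and checks that the reply answers the request. The function names are hypothetical, and the two frames are constructed from the addresses shown in frames 376 and 377, with the 18-byte trailer assumed to be zero padding.

```python
import socket
import struct

ETH_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2

def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame):
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:                    # 14-byte Ethernet + 28-byte ARP
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != ETH_ARP:
        raise ValueError("EtherType is not ARP (0x0806)")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack_from(
        "!HHBBH6s4s6s4s", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        # IG and LG are the two low-order bits of the first address byte.
        "dst_ig": dst[0] & 1, "dst_lg": (dst[0] >> 1) & 1,
        "opcode": op,
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
        # Anything after byte 42 is padding up to the 60-byte minimum frame.
        "trailer_len": len(frame) - 42,
        "gratuitous": spa == tpa,
    }

def info(pkt):
    """Rebuild the text of the Info column for a parsed ARP packet."""
    if pkt["opcode"] == OP_REQUEST:
        return f"Who has {pkt['target_ip']}?  Tell {pkt['sender_ip']}"
    if pkt["opcode"] == OP_REPLY:
        return f"{pkt['sender_ip']} is at {pkt['sender_mac']}"
    return f"Unknown ARP opcode {pkt['opcode']}"

def is_reply_to(request, reply):
    """True when the reply answers exactly what the request asked."""
    return (request["opcode"] == OP_REQUEST
            and reply["opcode"] == OP_REPLY
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_ip"] == request["sender_ip"]
            and reply["target_mac"] == request["sender_mac"]
            and reply["eth_dst"] == request["eth_src"])

# Constructed frames built from the values shown for frames 376 and 377.
REQUEST = bytes.fromhex(
    "ffffffffffff" "0026556f8da7" "0806"      # Ethernet: dst, src, type
    "0001" "0800" "06" "04" "0001"            # htype, ptype, sizes, opcode
    "0026556f8da7" "c0a80119"                 # sender MAC, 192.168.1.25
    "000000000000" "c0a8010a"                 # target MAC unknown, 192.168.1.10
) + bytes(18)                                 # trailer (assumed zero padding)
REPLY = bytes.fromhex(
    "0026556f8da7" "60fb42f1c9e8" "0806"
    "0001" "0800" "06" "04" "0002"
    "60fb42f1c9e8" "c0a8010a"                 # sender MAC, 192.168.1.10
    "0026556f8da7" "c0a80119"                 # target MAC, 192.168.1.25
)

if __name__ == "__main__":
    req, rep = parse_arp_frame(REQUEST), parse_arp_frame(REPLY)
    print(info(req))
    print(info(rep))
    print("reply answers request:", is_reply_to(req, rep))
```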

Summary 

This is the first article in a series of articles about WireShark.
The next article in this series is going to teach you how to examine
the traffic created by the most important Nmap scans.

Acknowledgements: I would like to thank Dimitris Tsoukalos
for proofreading the article.

Implementing File & Print
Services on Windows Servers
for Mac OS X Clients


by Charles Edge 


Introduction 

The recent discontinuation of the Apple Xserve has led
many environments heavily invested in Xserves to look
towards other platforms in order to provide network
services to client systems. For environments needing
officially supported products that wish to leverage existing
Windows infrastructures, the Enterprise Desktop Alliance
(EDA) brings professionals charged with managing
enterprises a cohesive and manageable ecosystem of
products that provide full, end-to-end support for Mac OS X
machines, allowing file sharing, patch management, policy
enforcement and ticket tracking on an existing Windows
infrastructure.

The EDA performed a survey of more than 1,200 IT
professionals in corporate, government and education
environments asking how organizations are using the
Xserve. The survey revealed that enterprises consider the
most important service that an Xserve hosts to be file sharing,
followed closely by software updates, directory services and
client management. All of these services can be run on Mac
OS X Server, but can also be hosted on other platforms,
including Microsoft Windows Server 2008.

Using Mac OS X Server it is possible to quickly and
easily create file shares and push those shares to clients in
the form of home folders, automounts, login items, dock
items and/or group share points. Mac OS X Server can also
easily push printers to client computers. These tasks are
often done using managed preferences, making use of a
dual directory environment running Mac OS X Server’s Open
Directory. These services can then be made available to both
Windows and Mac OS X clients, which makes Mac OS X a
suitable platform for smaller environments.

But Mac OS X Server requires Apple hardware. With the
loss of the Xserve, a number of organizations are looking to
migrate to standard Windows or Linux hardware. This is
often due to the fact that those platforms are more
appropriate in environments where a solution that allows for
more rack density and requires rack mount hardware is
required. This could also be due to the fact that other
platforms can then be virtualized from end-to-end. Other
platforms also allow for more options for scalability and
fault tolerance given the numerous clustering options. There
is also a much larger pool of talent that can be called on to
work with Windows and Linux than there is with Mac OS X.
If an organization is looking to migrate from Mac OS X
Server into another platform, there are a number of other
platforms that can be chosen. In this article we will focus on
those that have vendor-supplied support and can be
leveraged in a Windows Server environment where
ExtremeZ-IP and Centrify offer a very attractive alternative.

In this article we will look at leveraging ExtremeZ-IP to
share files and printers to Mac OS X clients using existing
Windows servers and using Centrify to provide centralized
access to those files in the form of managed preferences.
The January, 2011 issue of MacTech included an article
entitled “Centralized Mac Home Directories on Windows
Servers,” where using Centrify and ExtremeZ-IP together to
provide Home Directories was covered at length. In this
article we will begin by recapping a quick walkthrough of
the installation process for both Centrify and ExtremeZ-IP.
We will then move on to leveraging managed preferences
served up from Centrify to provide access to shares created
in ExtremeZ-IP, much the same way that Automounts and
Group Folders are published to clients using Open
Directory. We will then move on to deploying printers
through Centrify. The combination of these tasks with the
home directories then replaces much of what an enterprise
would have needed from dual directory environments
leveraging Mac OS X Server.

For more information on ExtremeZ-IP, see
http://www.grouplogic.com/products/extremez-IP. For more
information on Centrify’s DirectControl for Mac, see
http://www.centrify.com/solutions/mac-os-desktop-management.asp.



Centrify and ExtremeZ-IP 
Configuration 

To get started installing Centrify and ExtremeZ-IP, first
download the installers from
http://info.centrify.com/Centrify-Suite-free-evaluation.html
and http://www.grouplogic.com/eztrial respectively. There
will be some overlap with the ExtremeZ-IP portion of this
article, in case anyone missed the previous article; however,
given that Centrify DirectControl was installed on the client
system in the previous article, this one will leverage the
server software, a new process for this series.

Installing ExtremeZ-IP 

ExtremeZ-IP will need to be installed on a Windows file
server. This server should have a functional forward and
reverse DNS record, be bound to Active Directory (or be a
member Active Directory controller) and have a working
network interface. Once the ExtremeZ-IP software has been
downloaded:

Extract the .zip archive containing the ExtremeZ-IP 
installer. 

Open the ExtremeZ-IP Installer file. 

Accept the licensing agreement. 

Click on Install. 

When the installation is complete, click on Finish.

Check the Event Viewer (Start -> Administrative Tools ->
Event Viewer) for any errors during installation.

Launch ExtremeZ-IP Administrator (Start -> All
Programs -> ExtremeZ-IP -> ExtremeZ-IP Administrator).

On first launch the ExtremeZ-IP Administrator will
prompt that the services are not yet running; click on Yes to
start them.

Once the services are started, ExtremeZ-IP will prompt
for providing licensing information. Click on Yes if the
licenses are available and then provide licensing information
(Figure 1); otherwise click on No and ExtremeZ-IP will run
in a fully functional 21 day Trial Mode.

Install required printers on the Microsoft Windows
Server (sharing printers will be covered later in this article).

Install required storage on the Microsoft Windows 
Server (creating the share points will be covered later in this 
article). 

If the server will not be used for printing or file sharing 
then suspend any unneeded services on the main ExtremeZ- 
IP screen. 



Figure 1 


Installing Centrify 

In this exercise, Centrify will need to be leveraged so 
that login items and printers can be pushed out through 
Active Directory-based group policies. Once the software 
has been copied to the server and any serial numbers are in 
hand (or the trial), the following will install Centrify in most 
environments: 

Copy the installers to the Windows Server or burn the
.iso that Centrify is distributed as to optical media.

Run the Install DirectManage installer. 

Click on Next at the Centrify Suite 2010 Installation 
screen. 

At the Suite Type screen, choose the appropriate
licensed version (e.g. HelpDesk Administrator, Standard
Administrator, Enterprise Administrator or Developer
Edition). For this exercise, one need only select the Standard
Edition, but in production environments leveraging other
versions, those may be selected here.

At the Select Components screen, choose the
components to install (Figure 2). The default is to install all
components available for the licensed version, and this is
often the best choice. If the software is being installed on an
administrative workstation then only the Administrator
Console need be installed. In this exercise the console will
be run on the server to minimize the number of systems
required to complete the tasks at hand, but it is possible to
only run the Administrator Console if needed.

Figure 2


At the Confirm Installation Settings screen, click on the
Next button to start the installer.

Each component is a separate installer, so each
component will prompt for installation. The Centrify
DirectControl component will be installed first. Agree to the
Centrify DirectControl licensing agreement and then when
prompted, provide the username and Organization name
(Figure 3) following the defaults to complete the installation
of the DirectControl component of the Centrify Suite.

Figure 3

The second component to be installed is the Web
Console. Here, follow the defaults until prompted for the
Virtual Directory (Figure 4). This is the directory that is used
to access the Web Console, which can be used for
administration (there is a Windows administration tool as
well).

Figure 4


The PuTTY component will then be installed. Simply
follow the defaults to complete the PuTTY installation.

When the final installation is complete, restart the
server.

After the restart, check the Event Viewer for any errors.

Open the Centrify DirectControl MMC (Microsoft
Management Console) snap-in (Start -> Centrify ->
DirectControl -> Centrify DirectControl).

From DirectControl click on the Action menu and then
click on Manage Licenses...

Click on Add and enter the license keys provided by
Centrify.

Verify that the Centrify DirectControl console shows the
appropriate Active Directory objects.

Once the installation is complete, it is time to get
accustomed to the tools used in a Microsoft Windows based
environment.

Migrating From Mac OS X Server 

Any time the type of server that is being used is being
changed, there will be a learning curve. For environments
that are considering moving file services away from Apple
hardware and onto Windows, there are a few important
tools that will need to be learned. Luckily, the Microsoft
Server, ExtremeZ-IP and Centrify product lines are very
straightforward.

The equivalent for the tools used in a Mac OS X Server 
environment includes the following: 

Workgroup Manager: The tool used to configure users,
computers and groups in a Windows Server environment is
Active Directory Users and Computers. Policies, such as
automated deployment of shares via managed preferences,
are configured through the Group Policy Editor, or through
a third party tool, such as Centrify.

Server Admin: For environments using ExtremeZ-IP, the
tool used to create share points, manage printers, configure
settings for the afp services and manage sessions is
ExtremeZ-IP Administrator. Windows Explorer is used to
configure file permissions, similar to how Server Admin,
Finder Properties for a given directory or command line
options (e.g. chmod and chown) can be used in Mac OS X.

Print & Fax System Preference pane: In Mac OS X,
printers are added using the Print & Fax System Preference
pane prior to being shared out through Server Admin. In
Windows Server and ExtremeZ-IP, printers are added to the
server using the Printers Control Panel and then the printer
queues are shared out. ExtremeZ-IP also has a feature to
force a PPD (driver) download from the printer.

Once familiar with the tools required to migrate from
Mac OS X Server to the new Windows Server environment it
is time to create the shared resources that users will interact
with. This is done through ExtremeZ-IP Admin.

Creating Share Points 

One of the most important tasks involved in managing
any file server is to create new share points, referred to as
Volumes in ExtremeZ-IP. In an ExtremeZ-IP environment, a
single share is configured on new servers, which is used for
the print server.

To create a share point in ExtremeZ-IP:

Open the ExtremeZ-IP Admin tool.

From the main ExtremeZ-IP Admin tool screen, click on
the Volumes button.

Click on the Create... button. 

Browse to the directory that will be shared and click on 
the OK button once highlighted. 

At the Volume Properties screen, provide the 
appropriate settings for the volume (Figure 5): 

Volume Name: How the volume will be presented to 
clients. 

Path: The local path on the file server that the volume 
will point to. 

Attributes: Allow configuring whether the volume is
read-only, has guest access enabled and can be used as
mobile or network home directories.

Search: Enable Spotlight indexing of the volume. 

Time Machine: Allow users to use time machine and 
define quotas for Time Machine. 

Advanced: Set volume passwords and limit the number
of users that can access a volume concurrently.

Figure 5


Once the settings have been configured click OK to
create the new Volume.

The next step is to assign the appropriate permissions 
for files being shared. To do so: 

Open the Volumes screen. 

Highlight each shared volume. 

Click on the Show in Explorer button to open Windows 
Explorer for the directory that the volume represents. 

Right-click on the directory being shared and click on 
Properties. 

Click on the Security tab of the Properties screen.

Click on each group and then click on the Edit... button
to configure the permissions the group (or user, although 
groups are most commonly used for such a task) should 
have access to. Permissions per user or group include a 
similar list to the one available in Mac OS X Server's ACLs: 
Full Control, Modify, Read & Execute, List Folder Contents, 
Read, Write. Special Permissions also include Traverse 
Folder, List Folder, Read Attributes, Read Extended 
Attributes, Create Files, Create Folders, Write Attributes, 
Write Extended Attributes, Delete Subfolders and Files, 
Delete, Read Permissions, Change Permissions and Take 
Ownership. 


Figure 7


Once all of the appropriate groups have been 
configured, click on the Apply button to commit the 
permission changes. 

Once the shared volumes have been created and have 
appropriate permissions the next step will be to create any 
shared printers that will be used in the environment. 

Creating Printers 

ExtremeZ-IP isn’t just a file server, it’s also a fully
functional print server that can be used to share print
queues to Mac OS X clients. Because ExtremeZ-IP supports
Bonjour printing, users will have a similar experience when
finding and configuring printers. ExtremeZ-IP printer
support is easy to set up, especially in environments where
the printers that need to be shared to Mac OS X clients are
already installed on the Windows print server.


To create a printer queue: 

Obtain the latest printer drivers for Windows and Mac
OS X (in ppd form) from the manufacturer of the printer.

Install the printer on the Windows Server using the
Printers Control Panel, making sure to use the postscript
(PS) drivers as the PCL drivers will not work as well with
ExtremeZ-IP.

From the main ExtremeZ-IP Admin tool screen, click on
the Print Queues button.

Click on the Create... button. 

At the Print Queue Properties screen (Figure 8), provide 
a name for the printer as well as a Description and Location 
if appropriate. 

Use the Processing drop-down list to select Send to
Windows Print Queue.

Provide a valid Mac OS X printer driver using the File
field in the portion of the screen reserved for PPD. These
PPD files will be placed into /etc/cups/ppd. Before adding
them to the server make sure they work from a client
system.

Click on OK.

Figure 8

Alternatively, at the Print Queues screen, the Replicate
Windows Print Queues... button will copy all of the print
queues installed on the Windows Server to the instance of
ExtremeZ-IP running on that host. Once copied, click on
any queue and then click on the Modify... button to bring
up the properties of each queue. The properties can then be
modified, PPDs added and Print Accounting enabled, if
needed. Once the printer queues and shared volumes have
been created and shared out to clients it is time to test the
connections to both.

Testing 

Once the new volumes and print queues are shared out
they can be tested from client systems. Discoverability,
connectivity, throughput and security levels are all factors in
making sure that users have seamless experiences.

Testing file sharing should encompass a number of
tasks, starting with connecting to the shared volume. Shared
volumes can be connected to from clients in the same
fashion that Mac OS X Server was connected through:
namely by going to the Finder, clicking on the Go menu and
selecting Connect to Server... Once the volume is mounted,
clients will then be able to copy data to and from the shared
volume based on the permissions that have been assigned to
the files and folders within the volume. The throughput is
one of the most important aspects of testing client
connectivity. One application that can be used to test
throughput is DiskFire, available at
http://factorial.co.nz/tools/index.html. It is also important to
verify that users have access to the directories that they need
access to and that they do not have access to directories that
they should not have access to. Verifying such is typically as
simple as attempting to browse folders.

The next step is to test printing from a Mac OS X client
computer. To do so, open the Print & Fax control panel in
Mac OS X. Provided that Bonjour is enabled on printer
queues, clicking on the plus sign (+) should bring up a list
of printers and the queues available via Bonjour should be
there. Provided that PPD download is enabled on the shared
print queues, clicking on the printer should provide a print
driver in the Print Using list.

Once all of the volumes have been created and shares
tested, it's time to copy the data from the Mac OS X Server
to the ExtremeZ-IP share, which can be done using a third
party tool, such as SuperFlexible File Sync or one of the
many command line tools available, such as ditto, cp and
others. There are some additional features of ExtremeZ-IP to
consider though, before publishing the shared volumes and
printers to client systems using Centrify.

Further Leveraging ExtremeZ-IP 

Transitioning between platforms can be a painful
experience. But as we’ve shown, setting up ExtremeZ-IP is
a straightforward process. ExtremeZ-IP also comes with a
number of features that are not built into Mac OS X Server.
In this section we will take a glance at these features.

Files 

Some of the more important features in ExtremeZ-IP
(beyond the actual sharing of files and printers) include DFS
integration, Shadow Copy integration, the ability to leverage
archival appliances, and file policies. Microsoft’s DFS can be
a sore point with Mac OS X users in enterprise environments
that heavily leverage the Microsoft portfolio as DFS is not
natively supported in Mac OS X. ExtremeZ-IP can provide
Mac OS X clients with access to DFS-based shares. The first
article of this series focused on leveraging ExtremeZ-IP with
Centrify to provide centralized access to an existing DFS
environment using ExtremeZ-IP, so that is not going to be
covered any further in this article, but is still worth noting.

Microsoft Volume Shadow Copy Service (VSS) enables
Windows users to restore versioned backups of files in a
Windows Server environment. VSS allows a Windows Server
administrator to assign a low cost storage location, such as
a large SATA array to cache changed files for a given
directory tree. But VSS allows end users to restore files from
this cache, meaning that when a user deletes a file, a file
gets corrupted or a user wants to revert back to an old copy
of a file, they can do it themselves. This reduces calls to
service desks whilst giving end users instant access to their
files.

But VSS is not currently supported with the Mac OS X
Server version of Samba. VSS can be made to work with the
latest versions of Samba that have not been ported into Mac
OS X Server, so if environments choose to recompile Samba
this is an option, albeit one that will render Samba
unmanageable using Server Admin. Otherwise, GroupLogic's
ShadowConnect brings the VSS services to the Mac.

ArchiveConnect is a feature that leverages stub files.
Stub files are placeholders that reference the primary
representation of a file that is stored on another device.
Symantec’s Enterprise Vault and CommVault's Simpana are
examples of information management software packages
that can work with stub files, creating them based on rules
that administrators define and migrating the original file to
a lower-tier of storage. ArchiveConnect puts the power of
restoring the file into the user’s hands so that they do not
need to call the service desk each time they need to restore
a file. This results in a lower cost for large storage
environments and less time where users are waiting for
restores to occur.

ExtremeZ-IP also supports a number of policies that can
be applied to how files are named, using a feature called
Filename Policy. The Filename Policy is global to a server
and helps to prevent users from creating files with too many
characters in the names, files with extensions the
organization may have deemed inappropriate, etc. These
policies help to make sure that no systems in a truly
heterogeneous world have to live as a second-class citizen
(e.g. Linux, Mac OS X, IRIX, Solaris, etc). To access Filename
Policies, simply click on the Settings icon when ExtremeZ-IP
Admin is opened and then click on the Filename Policy
tab. Here, all of the Filename Policies can be configured for
the server. Filename policies are completely optional and
not recommended in environments where Mac OS X clients
need to use characters that are not legal on the NTFS
filesystem, as those characters will be converted to Unicode
using the Microsoft conventions explained at
http://support.microsoft.com/kb/117258.

Printers 

ExtremeZ-IP also supports a number of features aimed
at not only keeping parity with features from Mac OS but
also at providing an even more user friendly experience
with the product. Performing printer discovery with
ExtremeZ-IP's Zidget is one option that administrators can
make use of, but the ability to force the download of a
driver (see the Creating Printers section from earlier in this
article) can help keep system images for deployment
smaller, reduce the number of automations required and
also keep the most recent driver in distribution.

Finally, ExtremeZ-IP also supports hot folder based
workflows, common in the PostScript workflows found in
environments such as corporate creative, ad agencies,
pre-press, printing, and publishing. Using a hot folder based
workflow, a print queue is configured that prints a
PostScript file to a UNC path to the hot folder. PostScript
files can then be picked up and used by other printing
solutions, allowing easy integration with PostScript
workflows, such as Adobe's Acrobat Distiller, Kodak's
Prinergy and AGFA's Apogee.

Figure 9


Centrify and managed preferences 

Once all of the features that are needed with ExtremeZ-IP
are configured and data has been moved to the new
location and given the appropriate permissions, it is
time to give access to shared volumes and printers to the
clients. There are a number of ways to go about this, but as
we noted in the beginning of this article we've chosen to
use Centrify so that management is centralized and can
replace other directory services, such as Open Directory
with Managed Preferences, using Active Directory with
Centrify. In this section of the article we will look at two
tasks: deploying access to shared volumes and deploying
printers.

Deploying Access to Files with Centrify 

When deploying most Managed Preferences in a
centralized environment, it is best to use groups to do so. In
the following walk-through we will be pushing out a mount
in the form of a Login item for a group called Accounting.

Open the Group Policy Management console from Start
-> Administrative Tools -> Group Policy Management.

Browse down the tree to Group Policy Objects.

Right-click on Group Policy Objects and click on New.

At the New GPO dialog box (GPO is short for Group
Policy Object), provide a name for the GPO. As more GPOs
are created, each can be used as a Starter GPO, or template.
For the initial GPO, simply provide a name.

Once created, right-click on the name of the newly 
created GPO and click on Edit to bring up the Group Policy 
Management Editor. 

At the Group Policy Management Editor, open User
Configuration and then Policies.

Click on Centrify Settings and then click on
Add/Remove Templates in the Action menu.

Click on the Add... button.

Click on the centrify_mac_settings XML Document in 
the list and then press the OK button. 

Click on the OK button and Mac OS X Settings should
then be listed underneath Centrify Settings.

Figure 11

Repeat the process to add the centrifydc_settings XML
Document into the list.

Browse to Login Settings and then double-click on
Enable login items.

Click on the Add... button to add a login item.

Type in the path to the shared volume from ExtremeZ-IP
with a /AFP prefix (e.g. if the server name were
afp.pretendco.com and the share were called Accounting,
the path would be /AFP/afp.pretendco.com/Accounting).


Click on the check-box for Hide if the share shouldn’t 
be shown to the user. 

Click on OK at the Add a login item: screen and then 
click on OK at the Enable login items Properties screen. 

Now that the GPO has been created it can be applied
to an Organizational Unit (OU). To apply a GPO to an OU:

Open the Group Policy Management console (Start ->
Administrative Tools -> Group Policy Management).

Browse to the Organizational Unit to link the GPO to.

Right-click on the OU and then click on Link an Existing
GPO.

Figure 13


At the Select GPO screen, click on the GPO and then 
click on the OK button. 


Figure 12 

Figure 14 

The GPO will then be linked to the OU. If the
environment will also be leveraging Centrify as a print
server then the next step will be to set up a GPO (or use the
existing GPO) for use in managing the printers.

Deploying Access to Printers with Centrify

Deploying printers from a centralized location can also
be done using Centrify. This is done by installing all the
printers required and then copying the configuration files
that store this information to the SYSVOL directory in Active
Directory. A GPO is then created that instructs the client to
use the copied configuration file to install the printers. Any
previously installed printers will no longer be available.
However, printers can be reinstalled using other means,
such as the lpadmin command.

Given that most administrators reading this article will
know how to perform the initial printer installation, this
section will cover how to take the files and distribute them
with Centrify. Multiple files can be distributed to clients
using GPOs in order to have different base sets of printer
configurations. Once the printers have been configured, use
the following steps to create a GPO that will distribute the
printer file:

Change the Everyone permission for the
/etc/cups/printers.conf file to Read-Only (e.g. using the
chmod 774 /etc/cups/printers.conf command).

Create a new directory in the SYSVOL directory (e.g.
called Centrify), which is by default C:\Windows\SYSVOL.

Copy the /etc/cups/printers.conf file to the newly
created SYSVOL directory for the environment (which is
then automatically replicated to all domain controllers).

The drivers (e.g. PPD files) can also be copied to the
newly created SYSVOL directory or can be obtained from
the ExtremeZ-IP supplied drivers.


Create a new Group Policy Object (GPO) or edit the
previously created GPO.

From the Group Policy Management Editor, open
Computer Configuration and then Centrify Settings and click
on Common UNIX Settings.

Figure 15

Double-click on Copy files to open the Copy files
Properties dialog.

Using the Copy file policy settings drop-down menu,
choose Enabled.

Click on the Add... button to configure a file to be
copied.

Leave the Origin: field set as the domain name (which
by default is C:\Windows\SYSVOL) or choose an
appropriate SMB location.

If using the default domain name, provide the relative
path to the printers.conf file that was previously copied to
the SYSVOL directory in the Filename field. For example, if
the directory was called Centrify then use
Centrify\printers.conf.

Enter /etc/cups/printers.conf as the destination.

Choose Specify permissions and ownership for the
radio button that controls ownership.

Set the File permissions to 0600, set the UID to 0 and
the GID to 26.

Click on OK.

Figure 16

Repeat the process for all PPD files being copied to the
client, using 0644 as the file permissions, setting the File
owner UID to 0 and the Owner group GID to 26.

If the new entry was created in a new GPO then it will
need to be applied to the appropriate groups in the same
way GPOs were applied in the Deploying Access to
Files with Centrify section previously. If the new entry was
in an existing GPO that was already applied to groups, the
changes should reflect at the next login event. For more
granular control of printers, the Specify commands option
under Common UNIX Settings will allow savvy
administrators to push out new printers to clients as part of
a GPO using the lpadmin command.
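
The staged printers.conf is replicated to every domain controller, and CUPS DeviceURI lines can carry a user name and password, so it is worth checking the file before the copy and confirming the 0600, UID 0, GID 26 result on a client afterwards. The script below is an added example, not part of the article or of Centrify's tooling; the function names and the sample file (including the svc_print account) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): checks for a CUPS printers.conf that
# is about to be staged in SYSVOL, and for the copy that lands on a client.

# List every DeviceURI that embeds a password (scheme://user:password@host/...)
# as "printer<TAB>redacted URI". The password itself is never printed.
find_embedded_credentials() {
    awk '
        /^<(Default)?Printer / { name = $2; sub(/>$/, "", name) }
        $1 == "DeviceURI" {
            sep = index($2, "://")
            if (sep == 0) next
            rest = substr($2, sep + 3)
            at = index(rest, "@"); slash = index(rest, "/")
            if (at == 0 || (slash > 0 && slash < at)) next   # no userinfo part
            colon = index(substr(rest, 1, at - 1), ":")
            if (colon == 0) next                             # user name only
            printf "%s\t%s%s:REDACTED%s\n", name, substr($2, 1, sep + 2),
                   substr(rest, 1, colon - 1), substr(rest, at)
        }
    ' "$1"
}

# Succeed only if FILE has exactly the octal mode, owner UID and group GID
# given. Parses `ls -ln`, which behaves the same on Mac OS X and Linux.
# Usage: check_deployed_perms FILE 0600 0 26
check_deployed_perms() {
    actual=$(ls -lnd "$1" | awk '{
        oct = "0"
        for (i = 0; i < 3; i++) {
            bits = substr($1, 2 + 3 * i, 3); v = 0
            if (substr(bits, 1, 1) == "r") v += 4
            if (substr(bits, 2, 1) == "w") v += 2
            if (substr(bits, 3, 1) ~ /[xst]/) v += 1
            oct = oct v
        }
        print oct, $3, $4
    }')
    [ "$actual" = "$2 $3 $4" ]
}

# Constructed sample input (not taken from a real server).
sample_printers_conf() {
    cat <<'EOF'
# Printer configuration file for CUPS
<Printer Accounting_Laser>
Info Accounting Laser
DeviceURI lpd://afp.pretendco.com/Accounting_Laser
</Printer>
<Printer Plotter>
Info Plotter
DeviceURI smb://svc_print:Example-Pass1@afp.pretendco.com/Plotter
</Printer>
EOF
}

demo() {
    conf=$(mktemp) || return 1
    sample_printers_conf > "$conf"
    echo "Queues whose DeviceURI embeds a password:"
    find_embedded_credentials "$conf"
    chmod 600 "$conf"
    # The values from the steps above: mode 0600, UID 0, GID 26.
    if check_deployed_perms "$conf" 0600 0 26; then
        echo "mode and ownership match 0600 0:26"
    else
        echo "mode or ownership differs from 0600 0:26"
    fi
    rm -f "$conf"
}
demo
```

Run find_embedded_credentials against the real /etc/cups/printers.conf before copying it to SYSVOL, and check_deployed_perms on a client after the GPO has applied.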

Summary 

Active Directory leverages Group Policies to do what 
we refer to as Managed Preferences in the Mac Systems 
Administration community. Managed Preferences allow an 
environment to push out settings and then lock those 
settings down if needed on client systems. The ability to use 
Managed Preferences to push out login items is one of the
most useful tasks that can be undertaken when 
implementing file services for Mac OS X-based 
environments. This means administrators do not have to go 
to each client computer in order to configure the client to 
see resources as those resources are added to the 
environment. 


Environments without any directory services can still 
push login items and dock items to client computers to help 
automate the client portion of a migration. In these types of 
environments, leveraging Managed Preferences for local 
users allows environments to maintain a decentralized 
Managed Preferences solution. In order to centrally manage, 
a patch management solution such as Absolute Manage can 
help to bring more sanity to an otherwise complicated 
environment. 

File shares are one of the more critical resources that 
users need to access. The ability to leverage Managed 
Preferences to push out connections to file shares and then 
add a dock item to access those shares helps to craft a user 
experience that will be appreciated by users for the 
consistency and systems administrators for the automation it 
brings to their otherwise hectic lives. In this article, we 
looked at configuring shares in ExtremeZ-IP and setting 
permissions on files. Getting the new location for files that 
users will access can then be done quickly and effectively 
using Centrify. 

Printer deployment is another task where Managed
Preferences help to automate administrative tasks. As we
showed in this article, sharing printers is a process that
requires very little work, provided the printer drivers are
compatible with all of the operating systems in use in an
environment. Both Mac OS X clients and Windows clients
can then make use of Bonjour to quickly locate printers.
However, when distributing printers to large numbers of
users, the service desk can be inundated with calls when
attempting to have each user do so individually. Doing so
with Managed Preferences (as was shown with Centrify in
this article) reduces the likelihood of error and allows for a
more nimble approach to systems management.

Overall, the combination of ExtremeZ-IP and Centrify
allows the centralized administration of assets to be as
seamless as possible and scalable, and makes a great option
for environments looking to move away from Mac OS X Server
or Linux based file and directory services solutions.
Software Deployment Made Simple

A look at StarDeploy 

by Greg Neagle, MacEnterprise.org 




Simple Mass Deployment 

Software deployment is a key task for enterprise Mac
administrators, and there are many tools in use. Some
administrators simply install all needed software as part of an
image, and only update software by reimaging machines. Others
may include some applications as part of a base image, and use a
tool like Apple Remote Desktop to remotely install additional or
updated software on machines after deployment. In larger
organizations, administrators may turn to tools specifically designed
for enterprise-scale software deployment. Some commercial tools
that address this need include the Casper Suite, FileWave, and
Absolute Manage.

In MacTech Magazine, we recently wrapped up a four part
series on Munki, an open-source utility for enterprise software
deployment. Munki is free, flexible and capable, but has a definite
learning curve and a fair amount of complexity. It might be too
complex for some organizations to consider. Those organizations
might want to consider another free deployment tool: StarDeploy.

Conceptually, StarDeploy is incredibly simple. The StarDeploy
server consists of a file share, ideally using Apple File Protocol
(AFP), but SMB, FTP, and WebDAV are supported as well. The
share consists of four folders: Applications, Library, Users, and
Packages. Anything copied to the StarDeploy share's Applications
folder is in turn copied to the /Applications folder for all
StarDeploy clients. Deploying a new version of Firefox is as simple
as copying it to the Applications folder on the StarDeploy share.
The Library and Users folders behave in the same way, making it
trivial, for example, to distribute a certain font to all your machines.

The Packages folder behaves a little differently but again is
simple to understand: any Apple Installer package copied to this
folder is subsequently copied to all StarDeploy clients and installed
via the command-line installer.

Walkthrough

Let's walk through a basic StarDeploy implementation and
demonstrate how simple it is to use.

Install the StarDeploy tools 

Download and install the StarDeploy client from
http://www.stardeploy.com/. The package installs:

A Preference Pane at /Library/PreferencePanes/sssd.prefPane

A directory at /Library/Application Support/sssd containing
tools and files used by StarDeploy

A launchd job at /Library/LaunchDaemons/sssd.plist

A symlink at /usr/bin/sssd pointing to the StarDeploy
daemon at /Library/Application Support/sssd/sssd.

Create the StarDeploy server 

Next, create a file share on an available file server. For initial
testing, you can even use File Sharing on an available client Mac.
For this walkthrough, I named the share "stardeploy". Make sure
you can connect to the file share from the Finder before
proceeding.

Configuring the client

Open System Preferences and click on the StarDeploy
Preference Pane. It should look like Figure 1.



Figure 1 - StarDeploy Preference Pane


Unlock the pane using administrator credentials. Enter the file
share's URL in the Server or Host Computer field, and the user
name and password to use to connect. For the initial connection,
you need to use a user name with read and write permissions to
the share; after the initial setup, you should change to a user with
read-only permissions (and this is strongly recommended). In
Figure 1, I've entered my username and password, since I set up
my user account with read and write permissions on the
StarDeploy file share.

Next click the Setup button. A few seconds later you should
see an alert telling you the share has been successfully set up. If
you peek at the file share, you'll see that four folders have been
created inside the share as in Figure 2.

Figure 2 - Folders in StarDeploy file share


We're done with the basic configuration! Close System
Preferences. We can now test a simple deployment.

StarDeploy "Hello World!"

When learning a new programming language, one of the first
exercises is usually the "Hello, World!" exercise, where you write a
very simple program that prints "Hello, World!" to the screen. When
I've demonstrated Munki, the first exercise I've traditionally used is
to use Munki to install Firefox. So we'll call "installing Firefox" the
"Hello, World!" of software deployment.

Start by making sure Firefox is not installed in your test client's
/Applications folder - if you have a copy of Firefox there, just
move it to the trash or do a quick 'sudo rm -r
/Applications/Firefox.app' in the Terminal.

Next we need to add Firefox to the StarDeploy server.
Download the current version of Firefox from
http://www.mozilla.com. Copy the Firefox application from the
mounted disk image to the Applications folder inside the
StarDeploy file share. See Figure 3 for an example.

Figure 3 - Firefox copied to the StarDeploy Applications folder


Returning to your test client, if the client is currently connected
to the StarDeploy file share, disconnect from it. Open the
/Applications folder and verify that Firefox is not installed.
Open System Preferences and choose the StarDeploy preference
pane. Unlock the pane if needed, and click Download Now. Within
a few seconds, you should see Firefox appear in the
/Applications folder. You've just completed "Hello, World!"
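
Anything that lands in the share is copied to, or installed on, every client, so beyond switching clients to a read-only account it helps to notice when the share's contents change unexpectedly. The following is an added example, not part of StarDeploy or the original article: it baselines the four default folders with SHA-256 and reports later differences; the function names and manifest format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of StarDeploy): baseline the deployment share and
# report anything added, changed or removed since the baseline was approved.
# Assumes the default folder names; adjust if the Folders tab points elsewhere.

hash_file() {   # SHA-256 of one file, using whichever tool the host provides
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Print "<sha256>  <path relative to the share>" for every regular file
# under the four folders, sorted by path.
make_manifest() {
    (
        cd "$1" || exit 1
        find Applications Library Users Packages -type f 2>/dev/null |
            LC_ALL=C sort |
            while IFS= read -r f; do
                printf '%s  %s\n' "$(hash_file "$f")" "$f"
            done
    )
}

# Compare two manifests (baseline first) and print one line per difference:
# ADDED, CHANGED or REMOVED, a tab, then the path. No output means no drift.
compare_manifests() {
    awk -v baseline="$1" '
        BEGIN {
            # The hash is 64 hex characters, followed by two spaces.
            while ((getline line < baseline) > 0)
                seen[substr(line, 67)] = substr(line, 1, 64)
            close(baseline)
        }
        {
            hash = substr($0, 1, 64); path = substr($0, 67)
            if (!(path in seen))         print "ADDED\t" path
            else if (seen[path] != hash) print "CHANGED\t" path
            delete seen[path]
        }
        END { for (p in seen) print "REMOVED\t" p }
    ' "$2" | LC_ALL=C sort
}

# Constructed demonstration on a throw-away directory standing in for the share.
demo() {
    share=$(mktemp -d) || return 1
    mkdir -p "$share/Applications/Firefox.app" "$share/Library" \
             "$share/Users" "$share/Packages"
    printf 'approved build\n' > "$share/Applications/Firefox.app/Info.plist"
    make_manifest "$share" > "$share.baseline"

    # Something appears in Packages that nobody reviewed.
    printf 'unreviewed\n' > "$share/Packages/Unreviewed.pkg"
    make_manifest "$share" > "$share.current"

    compare_manifests "$share.baseline" "$share.current"
    rm -rf "$share" "$share.baseline" "$share.current"
}
demo
```

Store the approved baseline somewhere the share's write account cannot reach, and run the comparison on a schedule shorter than the clients' download interval.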
What's the Catch?

As you can see, StarDeploy is incredibly easy to understand. If
you want to install additional applications, you'd just drop them into
the StarDeploy Applications folder. Apple packages can be added
to the StarDeploy Packages folder, and they will be installed as well.

But you might be beginning to see some limitations as well.
Every application you copy to the StarDeploy Applications folder
will get copied to every StarDeploy client. This is fantastic when
you have large numbers of machines that have an identical
configuration, such as instructional labs. But what if you want some
applications to go to some machines, and other applications to go
to others?

It turns out that you can use StarDeploy in this configuration
as well. Let's look at the StarDeploy preference pane again. This
time, click the Folders tab.
Under the Folders tab, which is shown in Figure 4, you can
configure which folders in the StarDeploy file share are used. By
default, the Applications folder is named "Applications" on the
StarDeploy file share. But you can specify another folder to use
instead. As an example, let's say your lab machines got one set of
applications, and your staff machines got another. Instead of a
top-level Applications folder in the StarDeploy share, you could have a
"lab" folder and a "staff" folder. Under these folders could then be
Applications, Library, Packages and Users folders.

You could then configure StarDeploy on the lab machines to
use lab/Applications for the Applications folder, lab/Users
for the Users folder, lab/Library for the Library folder, and
lab/Packages for the Packages folder (settings for Library and
Packages are found under the Advanced tab). Staff machines could
then use staff/Applications, staff/Users, and so on.

Though this approach does allow you to install different sets
of software on different Macs, there are some potential issues. First,
this may not scale well if you have dozens, hundreds, or even
thousands of different configurations. In a one-to-one deployment
model where there is one machine for each user, it's not impossible
to think that each machine might have a slightly different set of
software installed. Secondly, unless you do some fancy linking,
you'll have multiple copies of each application or package that is
part of multiple configurations. This could eat up storage space very
quickly as you add additional configurations.

More limitations 

Some additional limitations of StarDeploy that may or may not
be important in your environment:


Figure 4 - Folders preferences 



Forced installs. When StarDeploy deploys an application or
package, it does so whether or not a user is logged in, and whether
or not the application or other item is in use. This might lead to
problems if, say, your users are editing an Excel spreadsheet at the
same time StarDeploy is installing an Office update. You might
avoid or at least minimize this issue by setting StarDeploy to run
only once a day and scheduling that run during "off-hours".

Packages that require a restart. Since StarDeploy does its
installs without regard to user activity, installation of packages that
require a restart afterwards may cause issues. StarDeploy can be
configured to automatically restart a machine after installing a
package that requires a restart, but this might cause a user to lose
data if a machine is unexpectedly restarted. On the other hand,
failing to restart after an install that requires it might also cause
problems; applications can crash when in this state.

Limited uninstall support. StarDeploy has no support for
uninstalling items that are installed via Apple packages. For items
deployed via the StarDeploy Applications, Library, and Users
folders, selecting "Keep synced with server" (in the StarDeploy
preference pane) causes StarDeploy to not only install new items
added to the specified folders, but also to remove items from client
computers when the corresponding item is removed from the
StarDeploy file share. The StarDeploy manual does not recommend
using this feature when the StarDeploy share is hosted on an FTP
or WebDAV server.

No Apple Software Updates support. StarDeploy does not
integrate with Apple Software Update. Relevant updates could be
downloaded as standalone packages from Apple's web site and
added to the StarDeploy Packages directory. Also, if the forced
nature of StarDeploy installs is not a problem in your environment,
a simple script that does a 'softwareupdate -i -a' might
suffice for you.

Conclusion 

StarDeploy is a software deployment system that is extremely
simple to set up and use. However, its simplicity also results in
some significant limitations.

In the right environment, StarDeploy's limitations may not
matter, and its simplicity may be ideal. For example, in a K-12 or
higher-ed instructional lab, StarDeploy could be configured to run
in the off-hours, updating all the machines in a lab at 5 am. Since
StarDeploy was designed by Matthew Felt, a K-12 school district
employee, it's not surprising that a K-12 school is an ideal
environment for this deployment tool.

In any case, since StarDeploy is free and simple to try out, you
can evaluate it for yourself in your environment.

For more information on StarDeploy, visit the StarDeploy
website at http://www.stardeploy.com, and read the documentation at
http://www.stardeploy.com/StarDeploy/Setup/Setup.html.
THE MACTECH SPOTLIGHT

Martin Pilkington

M Cubed Software

http://www.mcubedsw.com


What do you do? 

I'm the Writer of Weird Symbols at M Cubed. Put another
way I'm the owner, programmer, designer, support guy and
cleaner. Most of my time is spent in Xcode trying to hack things
together or in a notebook scribbling out designs. I'm currently
the only person at M Cubed but occasionally I do work with
others for things like icon design.

How long have you been doing what you do?

Well, I started out making very simple point and click
games around 10 years ago but I've been doing proper Mac
development for over 6 years now and as a full time gig for the
past 18 months.

What was your first computer?

I'm told my first computer was an LC but I don't really
remember it as I was [illegible]. The first computer I
remember was the family's Performa [illegible]. Despite the bad
reputation they had, it is still to this day the most [illegible] Mac
I've ever dealt with.

Are you Mac-only, or a multi-platform person? 

I'm a born and bred Mac user but I do use Windows on
occasion, mostly for the occasional game. Soon I might be
looking into Windows Phone development so I might end up
using it a bit more.

What is the advice you'd give to someone trying to get
into this line of work today?

Firstly is to make sure you work on something you love. If
you're going to be working on something you don't enjoy, you
won't do a good job of it. If you're writing your own app,
scratch your own itch as you'll be your best customer.

I'd also say not to worry if you ever feel like you are in
over your head. Every developer has been there; the important
thing is to make sure you keep learning new things. A good
measure of whether you're progressing as a developer is to
look at code you wrote 12 months ago. If you don't find
something you cringe at because it is so bad, you're not
improving enough.

And lastly, don't be afraid to ask for help. If you can't
figure out how to do something do a Google search. If Google
shows nothing up then send an email to another developer or
to a mailing list or get on IRC or Twitter. Most developers are
more than happy to answer questions when you are genuinely
stuck. And always try to help other developers in return if they
come to you for help when they're stuck.

What's the coolest tech thing you've done using OS X?

I can't really think of a single thing but they all revolve
around the topic of accessibility. Things like improving the
accessibility of table views or using the accessibility APIs in
interesting ways such as manipulating the
UI of other applications.

Ever?

This probably isn't exactly cool but it's the thing I'm
most proud of. Making a point and click adventure game
using Claris Works and Apple Media Tool when I was 8. It
wasn't even impressive by any means but it's the point when I
started heading towards making software.

Where can we see a sample of your work?

All of my software is available at
http://www.mcubedsw.com. I also post some technical articles
on my personal blog at http://pilky.me

The next way I'm going to impact the Mac universe is:

I've long been one of those people who knows they
should test more but never does. I'm not the biggest fan of unit
tests and would rather do UI testing, so I'm currently looking
into building a UI testing system for Mac apps. I have no idea
whether anything usable will come of it but I have my fingers
crossed.

Anything else we should know?

I highly recommend watching the video of a short talk I
gave at NSConference in 2009 about accessibility on the Mac,
it's something people ideally need to be more aware of:
http://ideveloper.tv/freevideo/details?index=19174281

If you or someone you know belongs in the MacTech Spotlight, let us
know! Send details to editorial@mactech.com